Snort mailing list archives
Re: Question on http_inspect
From: "Lay, James" <james.lay () wincofoods com>
Date: Tue, 8 Nov 2011 09:00:59 -0700
From: Owen Blandford [mailto:OBlandford () gsoc treas gov] Sent: Tuesday, November 08, 2011 6:36 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Question on http_inspect I am seeing a vast number of http_inspect alerts for what is legitimate traffic. How do I tune these alerts out? Thanks, Owen Owen, Threshold those babies out...for example: threshold.conf: suppress gen_id 120, sig_id 3 James ------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Question on http_inspect Owen Blandford (Nov 08)
- <Possible follow-ups>
- Re: Question on http_inspect Lay, James (Nov 08)