Snort mailing list archives

Re: Question on http_inspect

From: "Lay, James" <james.lay () wincofoods com>
Date: Tue, 8 Nov 2011 09:00:59 -0700

From: Owen Blandford [mailto:OBlandford () gsoc treas gov] 
Sent: Tuesday, November 08, 2011 6:36 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Question on http_inspect

I am seeing a vast number of http_inspect alerts for what is legitimate
traffic. How do I tune these alerts out?
Thanks,
Owen



Owen,

Threshold those babies out...for example:

threshold.conf:
suppress gen_id 120, sig_id 3

James

------------------------------------------------------------------------------
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Question on http_inspect Owen Blandford (Nov 08)
- <Possible follow-ups>
- Re: Question on http_inspect Lay, James (Nov 08)