Snort mailing list archives

Whitelisting


From: "Erik D. Sciortino" <ESciortino () ABIM ORG>
Date: Thu, 7 Feb 2013 16:25:22 +0000

Good Morning All,

I want to start tuning my Snort install so I can cut down on some of the chatter currently being seen in the logs. I 
would like to use whitelisting to help eliminate some of the legitimate server traffic chatter that I am seeing in 
Snort. Can I create a Whitelist rule for a specific system-to-system interaction (i.e. the IP traffic going between my 
BlueCoat ProxySG and ProxyAV) or do whitelist rules only work based on Source IP (i.e. I could whitelist the IP address 
of my ProxySG only)? If it is possible to create a whitelist rule for system-to-system interaction, would it be 
possible for someone to provide me with some sample nomenclature that I could follow?

Thanks in advance!

Erik

Erik D. Sciortino, CISSP, CISM, CIPP
Director of Data Security

American Board of Internal Medicine
510 Walnut Street | Suite 1700 | Philadelphia, PA 19106
P: 215.446.3525 | C: 215.847.2207 | E: esciortino () abim org
www.ABIM.org