Snort mailing list archives

Event Suppression


From: Avery Rozar <Avery.Rozar () i-techsupport com>
Date: Tue, 24 Jun 2014 21:25:33 +0000

I’d like for alerts (and drops) to not fire for 21965 when they are coming from an IP. I added the below entry into
threshold.conf and I don’t get alerts anymore but the app (it uses wininet) is still not working. Does suppression only
filter the alert, but still drop if the signature is set to drop?

suppress gen_id 1, sig_id 21965, track by_src, ip x.x.x.x


Thanks,
Avery
