Snort mailing list archives

Re: how to permanently suppress noisy rules for snort running Ubuntu


From: "Joel Esler (jesler) via Snort-sigs" <snort-sigs () lists snort org>
Date: Tue, 3 Oct 2017 13:24:00 +0000

On Oct 2, 2017, at 11:52 AM, Purvesh Patolia <ppatolia () angoss com> wrote:

Hello,

I am a new member for snort and have never used SNORT as an IDS detection tool. Can you please help me on how to permanently suppress noisy rules that keep coming every day?

I went to the threshold.conf file and under the suppress section I wrote a suppress rule, saved the file and rebooted the snort server several times; for the same day the rules then don't show up. But the next day they show up again.

Not sure what will be the correct process to stop this alert more permanently.


Sounds like you have some kind of process automatically updating the ruleset?

--
Joel Esler
Manager
Talos Group
http://www.talosintelligence.com

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

http://www.snort.org
