Snort mailing list archives

Re: how to permanently suppress noisy rules for snort running Ubuntu


From: Purvesh Patolia <ppatolia () angoss com>
Date: Tue, 3 Oct 2017 13:26:17 +0000

So is there a document? Or some process to see what is causing the suppress to fail? Can someone help me?

Thank you,
Purvesh Patolia
Network & Systems Administrator | Angoss Software Corporation
416-593-2437 | ppatolia () angoss com | www.angoss.com

From: Joel Esler (jesler) [mailto:jesler () cisco com]
Sent: October-03-17 9:24 AM
To: Purvesh Patolia <ppatolia () angoss com>
Cc: snort-sigs () lists snort org
Subject: Re: [Snort-sigs] how to permanently suppress noisy rules for snort running Ubuntu
Importance: High

On Oct 2, 2017, at 11:52 AM, Purvesh Patolia <ppatolia () angoss com> wrote:

Hello,

I am a new member for snort and have never used SNORT as an IDS detection tool. Can you please help me on how to 
permanently suppress noisy rules that keep coming every day?

I went to the threshold.conf file and under the suppress section I wrote a suppress rule, saved the file and rebooted 
the snort server several times; for the same day the rules then don’t show up. But the next day they show up again.

Not sure what will be the correct process to stop this alert more permanently.


Sounds like you have some kind of process automatically updating the ruleset?

--
Joel Esler
Manager
Talos Group
http://www.talosintelligence.com


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most 
emerging threats (https://snort.org/downloads/#rule-downloads)!
