Snort mailing list archives
Whitelisting
From: "Erik D. Sciortino" <ESciortino () ABIM ORG>
Date: Thu, 7 Feb 2013 16:25:22 +0000
Good Morning All,

I want to start tuning my Snort install so I can cut down on some of the chatter currently being seen in the logs. I would like to use whitelisting to help eliminate some of the legitimate server traffic chatter that I am seeing in Snort.

Can I create a Whitelist rule for a specific system-to-system interaction (i.e. the IP traffic going between my BlueCoat ProxySG and ProxyAV), or do whitelist rules only work based on Source IP (i.e. I could whitelist the IP address of my ProxySG only)? If it is possible to create a whitelist rule for system-to-system interaction, would it be possible for someone to provide me with some sample nomenclature that I could follow?

Thanks in advance!

Erik

Erik D. Sciortino, CISSP, CISM, CIPP
Director of Data Security
American Board of Internal Medicine
510 Walnut Street | Suite 1700 | Philadelphia, PA 19106
P: 215.446.3525 | C: 215.847.2207 | E: esciortino () abim org
www.ABIM.org