Snort mailing list archives
Re: Event supression question, and Whitelist question
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Thu, 26 Jun 2014 15:45:10 +0000
On Jun 25, 2014, at 4:16 PM, Avery Rozar <Avery.Rozar () i-techsupport com> wrote:

> Does event suppression stop alerting, and if inline stop dropping too? Or just alerting, but still drop? I added the below entry into threshold.conf and I don’t get alerts anymore but the app in use that was firing this sig off (it uses wininet) is still not working.

It just suppresses the alert. Any action will still take place.

> suppress gen_id 1, sig_id 21965, track by_src, ip x.x.x.x
>
> Does adding a host to the white_list.rules stop preprocessor rules from being applied to this host too?

No, that’s for IP Blacklisting.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team