Re: White and Blacklist Rules

["Al Lewis \(allewi\) via Snort-sigs" <snort-sigs () lists snort org>]

Hello,

Have you looked at the reputation readme?

https://www.snort.org/faq/readme-reputation


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com 
 
On 6/20/18, 6:14 PM, "Snort-sigs on behalf of Eichhorn Sophia" <snort-sigs-bounces () lists snort org on behalf of 
sophia.eichhorn () tu-braunschweig de> wrote:

    Hey everybody,
    
    I'm very new in Snort and have a question regarding the white and 
    black rules. I know the different between
    white and blacklists but I would like to know how I can define the 
    rules. Special the whitelist rules.
    My problem is, that I know how to create a blacklist rule but I need 
    to define a whitelist.
    
    Is that possible or can I only "whitelist" IP-Addresses? Do You have 
    an example or an idea?
    
    Please help me and tanks for everything!
    
    Sophia
    _______________________________________________
    Snort-sigs mailing list
    Snort-sigs () lists snort org
    https://lists.snort.org/mailman/listinfo/snort-sigs
    
    Please visit http://blog.snort.org for the latest news about Snort!
    
    Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
    
    Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
    

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!