Snort mailing list archives
Disabling preprocessor rules
From: "Elie, Kenneth via Snort-sigs" <snort-sigs () lists snort org>
Date: Tue, 6 Oct 2020 16:00:21 +0000
I know this gets asked often enough, but im having trouble disabling a few preprocessor rules in my snort instance. I have not tried suppression yet. I commented the rules out in preprocessor.rules and then added the signatures to the modifysid.conf 142:1 123:2 124:1 The alerts still flood in. Where else should I check? [cid:image001.jpg@01D69BD8.399733A0] Kenneth Elie Systems Analyst - Security Enterprise Technology Services 1 N. University Drive Plantation, FL 33324-2019 954-357-7987 (Office) Kelie () broward org<mailto:Kelie () broward org> www.broward.org<http://www.broward.org/> ________________________________ Under Florida law, most e-mail messages to or from Broward County employees or officials are public records, available to any person upon request, absent an exemption. Therefore, any e-mail message to or from the County, inclusive of e-mail addresses contained therein, may be subject to public disclosure.
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Disabling preprocessor rules Elie, Kenneth via Snort-sigs (Oct 07)