<html><head></head><body>I have been trying to exclude certain source IP addresses from triggering alerts or drops. I read that there is a bug when performing global threshold functions such as Suppress. Maybe that can be explained to me better on when Suppress will work or not work.<div><br></div><div>But when I use "suppress" in the threshold.config file and setup suricata.yaml, the supression does not seem to work.</div><div><br></div><div>What is the best way or proper way to have Suricata ignore a src IP?</div><div><br></div><div>Thanks.<br><br>Leonard</div></body></html>