<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Nov 2, 2013 at 6:41 PM, Leonard Jacobs <span dir="ltr">&lt;<a href="mailto:ljacobs@netsecuris.com" target="_blank">ljacobs@netsecuris.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div link="blue" vlink="purple" lang="EN-US"><div><p class="MsoNormal">When setting a destination IP address to suppress alerts in the threshold.config file, it is not suppressing alerts for signature CURRENT_EVENTS NeoSploit – TDS. Can anyone tell me why it does not suppress alerts for that signature?</p>
<p class="MsoNormal">I am using the following in the threshold.config file.</p><p class="MsoNormal">suppress gen_id 1, sig_id 0, track by_dst, ip 184.106.100.154</p>
<p class="MsoNormal">That address resolves to <a href="http://www.bookashowing.com" target="_blank">www.bookashowing.com</a>.</p>
<p class="MsoNormal">Thanks.</p><span class=""><font color="#888888">
</font></span><br clear="all"></div></div></blockquote><div><br><br><br></div><div>Can you please post the signature?<br></div><div>What Suricata version are you using?<br><br></div><div>Have you looked here:<br><a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Global-Thresholds">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Global-Thresholds</a><br>
</div><div>and here:<br><a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule-Thresholding">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule-Thresholding</a><br><br></div><div>
<br></div><div>thanks<br></div><div><br></div><div> </div></div><br>-- <br><div>Regards,</div>
<div>Peter Manev</div>
</div></div>