[Oisf-users] limit alerting to outbound vs inbound?
ehoward at bbg.gov
Mon Oct 31 08:19:09 EST 2011
Have you looked at configuring your threshhold.conf file to suppress
events based on teh direction of the flow?
-- eric --
On 10/28/2011 03:42 PM, Dewhirst, Rob wrote:
> Is there a way I can have suricata NOT alert when certain rules
> (especially the DROP, COMPROMISED sets) are tripped for inbound
> connections? For some of my public systems I don't care if known bad
> hosts are contacting them, but I most certainly want to know if they
> make connections *out* to those systems.
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
More information about the Oisf-users