[Oisf-users] limit alerting to outbound vs inbound?
Peter Manev
petermanev at gmail.com
Sat Oct 29 08:07:36 UTC 2011
Hi,
That would probably be handled with some custom rule writing.
If I understand your question correctly - you need to edit the particular
rules (or add an edited version of the particular rule) to alert only when
a connection attempt is made from your systems out to these "bad" hosts.
Thanks
On Fri, Oct 28, 2011 at 9:42 PM, Dewhirst, Rob <robdewhirst at gmail.com> wrote:
> Is there a way I can have suricata NOT alert when certain rules
> (especially the DROP, COMPROMISED sets) are tripped for inbound
> connections? For some of my public systems I don't care if known bad
> hosts are contacting them, but I most certainly want to know if they
> make connections *out* to those systems.
--
Peter Manev
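
One way to produce the edited rules described above, as an added example that is not part of the original message or any project's code: the script turns rules of the form "bad hosts -> $HOME_NET" into "$HOME_NET -> bad hosts", gives each copy a new sid, and returns the original sids so the inbound versions can be disabled. The sample rules, addresses, sids and the starting local sid of 1000000 are constructed assumptions.

```python
import re

# action proto src sport dir dst dport (options); assumes no spaces inside address lists
HEADER = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$')
SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REV = re.compile(r'\brev\s*:\s*\d+\s*;')
MSG = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')


def to_outbound(rule, new_sid):
    """Return (outbound_rule, original_sid), or None unless rule is 'src -> $HOME_NET'."""
    m = HEADER.match(rule.strip())
    if not m or m['dir'] != '->' or m['dst'] != '$HOME_NET':
        return None
    sid = SID.search(m['opts'])
    if not sid:
        return None
    # New sid and rev so the copy never collides with the upstream rule.
    opts = SID.sub(f'sid:{new_sid};', m['opts'], count=1)
    opts = REV.sub('rev:1;', opts, count=1)
    opts = MSG.sub(lambda x: f'msg:"{x.group(1)} (outbound)";', opts, count=1)
    # Swap both address and port so the header describes the reverse connection.
    # Any "track by_src" threshold now counts per internal host.
    header = f"{m['action']} {m['proto']} $HOME_NET {m['dport']} -> {m['src']} {m['sport']}"
    return f'{header} ({opts})', int(sid.group(1))


def convert(lines, first_sid=1000000):
    """Convert every matching rule; skip comments and rules in other directions."""
    new_rules, disable = [], []
    for line in lines:
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        result = to_outbound(line, first_sid + len(new_rules))
        if result:
            new_rules.append(result[0])
            disable.append(result[1])
    return new_rules, disable


SAMPLE = '''\
# constructed sample rules, documentation addresses and made-up sids
alert ip [192.0.2.10,198.51.100.0/24] any -> $HOME_NET any (msg:"Known bad hosts group 1"; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:9000001; rev:7;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"Unrelated outbound rule"; sid:9000002; rev:1;)
'''.splitlines()

if __name__ == '__main__':
    rules, disable = convert(SAMPLE)
    print('\n'.join(rules))
    print('disable original sids:', disable)
```

The converted rules go in a local rules file, and the returned original sids are the ones to disable so inbound contact from those hosts no longer alerts.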