[Oisf-users] Negating Alert
Kerry Milestone
km4 at sanger.ac.uk
Mon Oct 29 11:28:47 UTC 2012
Hello,
wondering what the best method is for negating an alert.
We use quite a bit of Aspera and also FDT for large data transfers.
Unfortunately, they trigger a bunch of the P2P rules.
What would be the best way to go about hitting the signature for these specific
transfers and then ignoring other rules? It is not really possible to exclude
particular IP addresses.
Many thanks,
Kerry
FYI:
http://monalisa.cern.ch/FDT/
http://asperasoft.com/
--
--------------------------------------
.- Kerry Milestone -.
.- Principle Network Engineer -.
.- Wellcome Trust Sanger Institute -.
.- -.
.- http://www.sanger.ac.uk -.
--------------------------------------
--
The Wellcome Trust Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.
More information about the Oisf-users
mailing list