[Oisf-users] Negating Alert

Kerry Milestone km4 at sanger.ac.uk
Mon Oct 29 11:28:47 UTC 2012


Wondering what the best method is for negating an alert.

We use quite a bit of Aspera and also FDT for large data transfers. 
Unfortunately, they trigger a bunch of the P2P rules.

What would be the best way to go about hitting the signature for these specific
transfers and then ignoring other rules?  It is not really possible to exclude
particular IP addresses.

Many thanks,


.- Kerry Milestone                  -.
.- Principle Network Engineer       -.
.- Wellcome Trust Sanger Institute  -.
.-                                  -.
.- http://www.sanger.ac.uk          -.

 The Wellcome Trust Sanger Institute is operated by Genome Research 
 Limited, a charity registered in England with number 1021457 and a 
 company registered in England with number 2742969, whose registered 
 office is 215 Euston Road, London, NW1 2BE. 
