[Oisf-users] GeoIP thresholding/supression
Peter Manev
petermanev at gmail.com
Fri Aug 23 15:44:24 UTC 2013
On Fri, Aug 23, 2013 at 5:29 PM, Kevin Ross <kevross33 at googlemail.com> wrote:
> Hi,
>
> Not sure if this is on the cards but the ability to do geoip thresholding
> could be useful in cases where a sig is useful but FPs within the local
> region.
>
> i.e
> suppress gen_id 1, sig_id XXXXXX, track by_src, geoip GB
>
> That would give so much more flexibility in supression as I have signatures
> which are to useful to disable but I get more FPs than anything else of them
> for local stuff within the country which is legit but different IPs.
>
>
> Kindest Regards,
> Kevin
>
I think this is good thing.
Would you please post a feature request?
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list