[Oisf-users] IP Address Suppression Issue
Leonard Jacobs
ljacobs at netsecuris.com
Sat Nov 2 17:41:32 UTC 2013
When setting an destination IP address to suppress alerts in threshold.config file. It is not suppressing alerts for signature CURRENT_EVENTS NeoSploit - TDS. Can anyone tell me why it does not suppress alerts for that signature?
I am using the following in the threshold.config file.
suppress gen_id 1, sig_id 0, track by_dst, ip 184.106.100.154
That address resolves to www.bookashowing.com.
Thanks.
Leonard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20131102/21c7e4cc/attachment.html>
More information about the Oisf-users
mailing list