[Oisf-users] IP Address Suppression Issue

Leonard Jacobs ljacobs at netsecuris.com
Sat Nov 2 17:41:32 UTC 2013

When setting an destination IP address to suppress alerts in threshold.config file. It is not suppressing alerts for signature CURRENT_EVENTS NeoSploit - TDS. Can anyone tell me why it does not suppress alerts for that signature?
I am using the following in the threshold.config file.
suppress gen_id 1, sig_id 0, track by_dst, ip
That address resolves to www.bookashowing.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20131102/21c7e4cc/attachment.html>

More information about the Oisf-users mailing list