[Oisf-users] IP Address Suppression Issue

Peter Manev petermanev at gmail.com
Sun Nov 3 10:09:17 UTC 2013


On Sat, Nov 2, 2013 at 6:41 PM, Leonard Jacobs <ljacobs at netsecuris.com> wrote:

> When setting a destination IP address to suppress alerts in the
> threshold.config file, it is not suppressing alerts for signature
> CURRENT_EVENTS NeoSploit – TDS. Can anyone tell me why it does not suppress
> alerts for that signature?
>
>
>
> I am using the following in the threshold.config file.
>
>
>
> suppress gen_id 1, sig_id 0, track by_dst, ip 184.106.100.154
>
>
>
> That address resolves to www.bookashowing.com.
>
>
>
> Thanks.
>
>
>
>


Can you please post the signature?
What Suricata version are you using?

Have you looked here:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Global-Thresholds
and here:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule-Thresholding


thanks



-- 
Regards,
Peter Manev