[Oisf-users] Suppress all signatures per source IP
Yasha Zislin
coolyasha at hotmail.com
Thu Jun 26 19:23:53 UTC 2014
Is there a way to use threshold.conf to suppress all signatures coming from unique source IP address?
Something like this:
suppress gen_id 0, sig_id 0, track by_src, ip 111.222.111.222
Or is there another way of doing this? I want basically to whitelist some IPs so no rules apply to them.
Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140626/ca85759f/attachment.html>
More information about the Oisf-users
mailing list