[Oisf-users] Suppress all signatures per source IP

Yasha Zislin coolyasha at hotmail.com
Thu Jun 26 19:23:53 UTC 2014

Is there a way to use threshold.conf to suppress all signatures coming from unique source IP address?

Something like this:
suppress gen_id 0, sig_id 0, track by_src, ip

Or is there another way of doing this? I want basically to whitelist some IPs so no rules apply to them.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140626/ca85759f/attachment.html>

More information about the Oisf-users mailing list