[Oisf-users] Suppress all signatures per source IP

Yasha Zislin coolyasha at hotmail.com
Thu Jun 26 19:23:53 UTC 2014


Is there a way to use threshold.conf to suppress all signatures coming from a unique source IP address?

Something like this:
suppress gen_id 0, sig_id 0, track by_src, ip 111.222.111.222

Or is there another way of doing this? I want basically to whitelist some IPs so no rules apply to them.

Thanks.
 		 	   		  