[Oisf-users] Suppress all signatures per source IP

Victor Julien lists at inliniac.net
Thu Jun 26 19:30:00 UTC 2014


On 06/26/2014 09:23 PM, Yasha Zislin wrote:
> Is there a way to use threshold.conf to suppress all signatures coming
> from unique source IP address?
> 
> Something like this:
> suppress gen_id 0, sig_id 0, track by_src, ip 111.222.111.222
> 
> Or is there another way of doing this? I want basically to whitelist
> some IPs so no rules apply to them.

See
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ignoring_Traffic

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------




More information about the Oisf-users mailing list