[Oisf-users] Suppress all signatures per source IP

Victor Julien lists at inliniac.net
Thu Jun 26 19:30:00 UTC 2014

On 06/26/2014 09:23 PM, Yasha Zislin wrote:
> Is there a way to use threshold.conf to suppress all signatures coming
> from unique source IP address?
> Something like this:
> suppress gen_id 0, sig_id 0, track by_src, ip
> Or is there another way of doing this? I want basically to whitelist
> some IPs so no rules apply to them.


Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-users mailing list