[Oisf-users] Suppress all signatures per source IP
Victor Julien
lists at inliniac.net
Thu Jun 26 19:30:00 UTC 2014
On 06/26/2014 09:23 PM, Yasha Zislin wrote:
> Is there a way to use threshold.conf to suppress all signatures coming
> from unique source IP address?
>
> Something like this:
> suppress gen_id 0, sig_id 0, track by_src, ip 111.222.111.222
>
> Or is there another way of doing this? I want basically to whitelist
> some IPs so no rules apply to them.
See
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ignoring_Traffic
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list