[Oisf-users] threshold.config and IP lists?

Duane Howard duane.security at gmail.com
Wed Mar 12 16:11:31 UTC 2014


Just curious if there's any plan to support IP lists in threshold.config as
Snort does? Or is the plan to continue as is and just create multiple rules?

I'm currently maintaining two different sets of threshold.config files with
and without IP lists for Snort/Suricata:

ex:
suppress gen_id 1, sig_id 12345, track by_src, ip [10.1.1.1,10.1.2.3,192.168.1.9]
vs.
suppress gen_id 1, sig_id 12345, track by_src, ip 10.1.1.1
suppress gen_id 1, sig_id 12345, track by_src, ip 10.1.2.3
suppress gen_id 1, sig_id 12345, track by_src, ip 192.168.1.9

./d
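
An added example, not part of the original post and not code from the Snort or Suricata projects: one way to keep a single threshold.config that uses IP lists and generate the one-line-per-address form shown above from it. The function name expand_ip_lists and the sample input are constructed for illustration; only the bracketed-list form of the ip argument is handled.

```python
import ipaddress
import re

# A suppress line whose "ip" argument is a bracketed, comma-separated list.
# "head" captures everything up to and including "ip ", so it can be reused.
LIST_RE = re.compile(r'^(?P<head>\s*suppress\b.*?\bip\s+)\[(?P<ips>[^\]]*)\]\s*$')


def expand_ip_lists(text):
    """Expand each list-style suppress line into one line per address/CIDR.

    Lines without a bracketed list (comments, threshold entries, single-IP
    suppress entries) are passed through unchanged.
    """
    out = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LIST_RE.match(line)
        if not m:
            out.append(line)
            continue
        entries = [e.strip() for e in m.group('ips').split(',') if e.strip()]
        if not entries:
            raise ValueError(f"line {lineno}: empty IP list")
        for entry in entries:
            try:
                # Accepts plain addresses and CIDR blocks; rejects typos so a
                # broken entry fails the build instead of silently not matching.
                ipaddress.ip_network(entry, strict=False)
            except ValueError as exc:
                raise ValueError(f"line {lineno}: bad address {entry!r}") from exc
            out.append(m.group('head') + entry)
    return "\n".join(out) + "\n"


# Constructed sample input, based on the example in the post.
SAMPLE = (
    "# shared threshold.config (list form)\n"
    "suppress gen_id 1, sig_id 12345, track by_src, ip [10.1.1.1,10.1.2.3,192.168.1.9]\n"
    "suppress gen_id 1, sig_id 2222, track by_dst, ip 10.9.9.9\n"
)

if __name__ == "__main__":
    print(expand_ip_lists(SAMPLE), end="")
```
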