[Oisf-users] threshold.config and IP lists?

Duane Howard duane.security at gmail.com
Thu Mar 13 15:48:32 UTC 2014


Rather, is it worth filing a bug or feature request for this?

./d


On Wed, Mar 12, 2014 at 9:11 AM, Duane Howard <duane.security at gmail.com> wrote:

> Just curious if there's any plan to support IP lists in threshold.config
> as Snort does? Or is the plan to continue as is and just create multiple
> rules?
>
> I'm currently maintaining two different sets of threshold.config files
> with and without IP lists for Snort/Suricata:
>
> ex:
> suppress gen_id 1, sig_id 12345, track by_src, ip [10.1.1.1,10.1.2.3,192.168.1.9]
> vs.
> suppress gen_id 1, sig_id 12345, track by_src, ip 10.1.1.1
> suppress gen_id 1, sig_id 12345, track by_src, ip 10.1.2.3
> suppress gen_id 1, sig_id 12345, track by_src, ip 192.168.1.9
>
> ./d
>
>
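
As an added example (not part of the original message and not Suricata or Snort project code), the following sketch keeps a single Snort-style threshold.config as the source of truth and generates the per-address form shown in the message. It assumes the two files differ only in bracketed `ip [...]` lists on `suppress` lines; the function name `expand_suppress` and the sample lines are hypothetical.

```python
import ipaddress
import re

# Matches a suppress line whose "ip" argument is a bracketed list.
LIST_RE = re.compile(r'^(?P<head>\s*suppress\s+.*?\bip\s+)\[(?P<ips>[^\]]*)\]\s*$')


def expand_suppress(lines):
    """Expand every bracketed-list suppress entry into one entry per address."""
    out = []
    for line in lines:
        line = line.rstrip("\n")
        m = LIST_RE.match(line)
        if not m:
            # Comments, threshold/rate_filter lines and single-address
            # suppress lines pass through unchanged.
            out.append(line)
            continue
        entries = [e.strip() for e in m.group("ips").split(",") if e.strip()]
        if not entries:
            raise ValueError(f"empty IP list: {line!r}")
        seen = set()
        for entry in entries:
            # Raises ValueError on anything that is not an address or CIDR
            # block, so a typo fails the build instead of silently producing
            # a suppress line that never matches.
            ipaddress.ip_network(entry, strict=False)
            if entry not in seen:
                seen.add(entry)
                out.append(f"{m.group('head')}{entry}")
    return out


# Constructed sample input, reusing the entries from the message above.
SAMPLE = [
    "# constructed sample",
    "suppress gen_id 1, sig_id 12345, track by_src, ip [10.1.1.1,10.1.2.3,192.168.1.9]",
    "suppress gen_id 1, sig_id 2002, track by_dst, ip 10.0.0.5",
]

if __name__ == "__main__":
    print("\n".join(expand_suppress(SAMPLE)))
```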