[Oisf-users] threshold.config and IP lists?
Victor Julien
lists at inliniac.net
Thu Mar 13 16:15:14 UTC 2014
On 03/13/2014 04:48 PM, Duane Howard wrote:
> Rather, is it worth filing a bug or feature request for this?
Feel free to do so. It will be a low priority issue though.
Cheers,
Victor
> ./d
>
>
> On Wed, Mar 12, 2014 at 9:11 AM, Duane Howard <duane.security at gmail.com
> <mailto:duane.security at gmail.com>> wrote:
>
> Just curious if there's any plan to support IP lists in
> threshold.config as Snort does? Or is the plan to continue as is and
> just create multiple rules?
>
> I'm currently maintaining two different sets of threshold.config
> files with and without IP lists for Snort/Suricata:
>
> ex:
> suppress gen_id 1, sig_id 12345, track by_src, ip
> [10.1.1.1,10.1.2.3,192.168.1.9]
> vs.
> suppress gen_id 1, sig_id 12345, track by_src, ip 10.1.1.1
> suppress gen_id 1, sig_id 12345, track by_src, ip 10.1.2.3
> suppress gen_id 1, sig_id 12345, track by_src, ip 192.168.1.9
>
> ./d
>
>
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
>
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list