[Oisf-users] threshold.config and IP lists?
Duane Howard
duane.security at gmail.com
Thu Mar 13 22:14:21 UTC 2014
https://redmine.openinfosecfoundation.org/issues/1137
Thanks!
On Thu, Mar 13, 2014 at 9:15 AM, Victor Julien <lists at inliniac.net> wrote:
> On 03/13/2014 04:48 PM, Duane Howard wrote:
> > Rather, is it worth filing a bug or feature request for this?
>
> Feel free to do so. It will be a low priority issue though.
>
> Cheers,
> Victor
>
> > ./d
> >
> >
> > On Wed, Mar 12, 2014 at 9:11 AM, Duane Howard <duane.security at gmail.com
> > <mailto:duane.security at gmail.com>> wrote:
> >
> > Just curious if there's any plan to support IP lists in
> > threshold.config as Snort does? Or is the plan to continue as is and
> > just create multiple rules?
> >
> > I'm currently maintaining two different sets of threshold.config
> > files with and without IP lists for Snort/Suricata:
> >
> > ex:
> > suppress gen_id 1, sig_id 12345, track by_src, ip
> > [10.1.1.1,10.1.2.3,192.168.1.9]
> > vs.
> > suppress gen_id 1, sig_id 12345, track by_src, ip 10.1.1.1
> > suppress gen_id 1, sig_id 12345, track by_src, ip 10.1.2.3
> > suppress gen_id 1, sig_id 12345, track by_src, ip 192.168.1.9
> >
> > ./d
> >
> >
> >
> >
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support:
> http://suricata-ids.org/support/
> > List:
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > OISF: http://www.openinfosecfoundation.org/
> >
>
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
>
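
An added example, not part of the thread and not Snort or Suricata project code: one way to avoid hand-maintaining two files is to keep the Snort-style threshold.config as the source and generate the one-address-per-line form from it. The function names and the second sample rule are constructed for illustration; it assumes each list sits on a single line and contains only plain addresses or CIDR blocks.

```python
import ipaddress
import re

# A suppress line whose "ip" argument is a bracketed list (the Snort form
# quoted in the thread). An optional trailing comment is preserved.
LIST_RE = re.compile(
    r'^(?P<head>\s*suppress\s.*\bip\s+)\[(?P<ips>[^\]]*)\](?P<tail>\s*(?:#.*)?)$'
)

def expand_line(line):
    """Return the per-address suppress lines equivalent to one input line."""
    m = LIST_RE.match(line)
    if not m:
        return [line]  # comments, thresholds, single-IP suppress: pass through
    out = []
    for entry in m.group('ips').split(','):
        entry = entry.strip()
        if not entry:
            continue
        # Raises ValueError for anything that is not an address or CIDR block
        # (for example a negated entry), so no wrong suppression is emitted.
        ipaddress.ip_network(entry, strict=False)
        out.append(f"{m.group('head')}{entry}{m.group('tail')}".rstrip())
    if not out:
        raise ValueError(f"empty IP list: {line!r}")
    return out

def expand_config(text):
    """Expand every list-style suppress line in a threshold.config body."""
    result = []
    for line in text.splitlines():
        result.extend(expand_line(line))
    return "\n".join(result) + "\n"

# Constructed sample input; the first rule is the one from the thread.
SAMPLE = """\
# shared threshold.config (Snort syntax)
suppress gen_id 1, sig_id 12345, track by_src, ip [10.1.1.1, 10.1.2.3,192.168.1.9]
suppress gen_id 1, sig_id 2000, track by_dst, ip 10.9.9.9
"""

if __name__ == "__main__":
    print(expand_config(SAMPLE), end="")
```

A malformed or negated list entry stops the conversion with an error, which is preferable to silently dropping a suppression and having the alert reappear on only one of the two sensors.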