[Oisf-users] whitelists vrs pass rules

erik clark philosnef at gmail.com
Thu Mar 30 12:24:02 UTC 2017

I am trying to whitelist a large block of networks (yahoo, google) due to
issues with our SSL breakout causing large numbers of false positive alerts
on phishing attempts. Snort has the whitelist file feature; However, all I
can find for suri is implementing pass rules to not alert on the traffic.

Is there a way to whitelist domains? It isn't in the suricata.yaml that I
can find.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170330/3e19316a/attachment.html>

More information about the Oisf-users mailing list