[Oisf-users] whitelists vrs pass rules
erik clark
philosnef at gmail.com
Thu Mar 30 12:24:02 UTC 2017
I am trying to whitelist a large block of networks (yahoo, google) due to
issues with our SSL breakout causing large numbers of false positive alerts
on phishing attempts. Snort has the whitelist file feature; However, all I
can find for suri is implementing pass rules to not alert on the traffic.
Is there a way to whitelist domains? It isn't in the suricata.yaml that I
can find.
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170330/3e19316a/attachment.html>
More information about the Oisf-users
mailing list