Sunday 5 January 2014

Ignore a specific alert for a specific IP address in Snort


If we want to ignore a specific Snort rule for a specific IP address or network, we can use a "suppression" entry in the threshold.conf file under /etc/snort.

[root@snort rules]# vim /etc/snort/threshold.conf
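
What the suppression entries in that file can look like, as an added example that is not from the original post. The sig_id values and IP addresses are constructed placeholders, and it assumes Snort 2.x syntax with threshold.conf pulled in from snort.conf by an `include threshold.conf` line:

```conf
# /etc/snort/threshold.conf
# All sig_id values and addresses below are constructed placeholders;
# replace them with the rule ID from your alert and your own hosts.

# gen_id 1 is the standard rules engine; sig_id is the rule's sid.

# Narrowest form: stop alerts for one rule only when the SOURCE is a single host
# (for example, an internal vulnerability scanner that triggers the rule by design).
suppress gen_id 1, sig_id 1000001, track by_src, ip 192.0.2.10

# Same rule, but keyed on the DESTINATION address instead.
suppress gen_id 1, sig_id 1000001, track by_dst, ip 192.0.2.20

# Suppress a rule for a whole network using CIDR notation.
suppress gen_id 1, sig_id 1000002, track by_src, ip 198.51.100.0/24

# Broadest form: no track/ip clause, so the rule never alerts for anyone.
# Prefer the scoped forms above; this hides the event from every host.
# suppress gen_id 1, sig_id 1000003
```

Suppression only hides the alert output; the rule is still evaluated. After editing, running `snort -T -c /etc/snort/snort.conf` checks that the configuration still parses before Snort is restarted.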