[Snort-sigs] White and Blacklist Rules
Al Lewis (allewi)
allewi at cisco.com
Wed Jun 20 19:17:31 EDT 2018
Have you looked at the reputation readme?
Cisco Systems Inc.
Email: allewi at cisco.com
On 6/20/18, 6:14 PM, "Snort-sigs on behalf of Eichhorn Sophia" <snort-sigs-bounces at lists.snort.org on behalf of sophia.eichhorn at tu-braunschweig.de> wrote:
I'm very new in Snort and have a question regarding the white and
black rules. I know the different between
white and blacklists but I would like to know how I can define the
rules. Special the whitelist rules.
My problem is, that I know how to create a blacklist rule but I need
to define a whitelist.
Is that possible or can I only "whitelist" IP-Addresses? Do You have
an example or an idea?
Please help me and tanks for everything!
Snort-sigs mailing list
Snort-sigs at lists.snort.org
Please visit http://blog.snort.org for the latest news about Snort!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
More information about the Snort-sigs