[Snort-sigs] White and Blacklist Rules

Al Lewis (allewi) allewi at cisco.com
Wed Jun 20 19:17:31 EDT 2018


Have you looked at the reputation readme?


Albert Lewis
Cisco Systems Inc.
Email: allewi at cisco.com 
On 6/20/18, 6:14 PM, "Snort-sigs on behalf of Eichhorn Sophia" <snort-sigs-bounces at lists.snort.org on behalf of sophia.eichhorn at tu-braunschweig.de> wrote:

    Hey everybody,
    I'm very new in Snort and have a question regarding the white and 
    black rules. I know the different between
    white and blacklists but I would like to know how I can define the 
    rules. Special the whitelist rules.
    My problem is, that I know how to create a blacklist rule but I need 
    to define a whitelist.
    Is that possible or can I only "whitelist" IP-Addresses? Do You have 
    an example or an idea?
    Please help me and tanks for everything!
    Snort-sigs mailing list
    Snort-sigs at lists.snort.org
    Please visit http://blog.snort.org for the latest news about Snort!
    Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
    Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!

More information about the Snort-sigs mailing list