[Snort-users] Pre-processor Tuning
gobroncos at ...3420...
Mon Jan 28 13:24:06 EST 2002
It seems that my snort box is doing a good job of decoding packets with, for
instance, the unidecode pre-processor. However, all the alerts are with
sources from my network. Can I tune that somehow?

In rules, it's clear that one defines variables for the source that do not
include one's local network. Can the same be done for the pre-processors?
I've looked around in confs and docs and I'm not seeing it.