[Snort-users] Signature question...
jeff+dated+1075235701.a86d1c at ...11069...
Tue Jan 27 22:41:11 EST 2004
On Tue, Jan 20, 2004 at 08:35:05PM -0500, Jeff Kell wrote:
> I am in the process of "tuning" our signatures to rule out false
> positives (e.g., FrontPage alerts on fully-patched machines). I do not
> want to disable the signature completely (although I do know how to do
> that), but merely "pass" on the check if it is one of our known patched
I believe the suppress command defined in threshold.conf is what you are
suppress gen_id 1, sig_id 1852, track by_dst, ip 10.1.1.0/24
More information about the Snort-users