[Snort-users] Supressing alerts

M. Shirk shirkdog_linux at ...125...
Wed Nov 17 07:47:01 EST 2004


Options for filtering (in order of drastic action):

1. Turn off rule
2. Make a local pass rule on for these networks
3. Use the threshold.conf

The gen_id refers to the revision of a rule. So the rule for SID 2400 has 
been revised once:
http://www.snort.org/snort-db/sid.html?sid=1%3A2400

Shirkdog
http://www.shirkdog.us






More information about the Snort-users mailing list