[Snort-users] Question on http_inspect
james.lay at ...15009...
Tue Nov 8 11:00:59 EST 2011
From: Owen Blandford [mailto:OBlandford at ...15433...]
Sent: Tuesday, November 08, 2011 6:36 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Question on http_inspect
I am seeing a vast number of http_inspect alerts for what is legitimate
traffic. How do I tune these alerts out?
Threshold those babies out...for example:
suppress gen_id 120, sig_id 3
More information about the Snort-users