[Snort-users] Event Suppression between specific Source and Destination

waldo kitty wkitty42 at ...14940...
Fri Dec 14 21:38:58 EST 2012


On 12/14/2012 10:44, Guido Hungerbuehler wrote:
> I only agree on parts. Because if you would like to create a pass rule
> for one specific rule and the two affected hosts, this would mean that I
> basically have to copy the rule that triggers the event and replace
> 'alert' with 'pass' and adjust the source and destination.
>
> But if the signature gets a new revision, the pass-rule does not get
> updated. And I would have to check for changes in the rules manually.

welcome to IDS Management 101 ;)

but seriously, i see what you are saying but there is no other method available 
at this time for the way you choose to operate :?




More information about the Snort-users mailing list