[Snort-users] Whitelisting

Erik D. Sciortino ESciortino at ...16077...
Thu Feb 7 11:25:22 EST 2013


Good Morning All,

I want to start tuning my Snort install so I can cut down on some of the chatter currently being seen in the logs. I would like to use whitelisting to help eliminate some of the legitimate server traffic chatter that I am seeing in Snort. Can I create a Whitelist rule for a specific system-to-system interaction (i.e. the IP traffic going between my BlueCoat ProxySG and ProxyAV) or do whitelist rules only work based on Source IP (i.e. I could whitelist the IP address of my ProxySG only). If it is possible to create a whitelist rule for system-to-system interaction, would it be possible for someone to provide me with some sample nomenclature that I could follow?

Thanks in advance!

Erik

Erik D. Sciortino, CISSP, CISM, CIPP
Director of Data Security

American Board of Internal Medicine
510 Walnut Street | Suite 1700 | Philadelphia, PA 19106
P: 215.446.3525 | C: 215.847.2207 | E: esciortino at ...16078...<mailto:esciortino at ...16078...>
www.ABIM.org<http://www.ABIM.org>
P Save Paper - Do you really need to print this e-mail?



________________________________
CONFIDENTIALITY NOTICE: This message and any attachments may contain confidential or proprietary information and are only for the use of the intended recipient(s) named above. If you are not the intended recipient or an agent responsible for delivering it to the intended recipient, please notify us immediately by replying to this email and delete or destroy the original and all copies thereof. Any unauthorized disclosure, use, distribution, or reproduction of this message or any attachments is prohibited and may be unlawful.
________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130207/7f328fd5/attachment.html>


More information about the Snort-users mailing list