[Snort-users] Event supression question, and Whitelist question
Avery.Rozar at ...16118...
Wed Jun 25 16:16:00 EDT 2014
Does event suppression stop alerting, and if inline stop dropping too? Or just alerting, but still drop?
I added the below entry into threshold.conf and I don’t get alerts anymore but the app in use that was fining this sig off (it uses wininet) is still not woking.
suppress gen_id 1, sig_id 21965, track by_src, ip x.x.x.x
Does adding a host to the white_list.rules stop preprocessor rules from being applied to this host too?
More information about the Snort-users