This is a discussion on Re: [Snort-users] SNort signature based filtering within the Snort forums, part of the System Security and Security Related category.
Mac:

Yes, it's possible. Using the threshold.conf file, you can set up suppression for particular SIDs coming from or going to particular SRC or DST IP addresses respectively or ALL events matching a particular SID. See etc/threshold.conf file for more details.

---------- etc/threshold.conf ---------
# Suppress this event completely
#
# suppress gen_id 1, sig_id 1852
#
# Suppress this event from this IP
#
# suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54
#
# Suppress this event to this CIDR block
#
# suppress gen_id 1, sig_id 1852, track by_dst, ip 10.1.1.0/24

Best Regards,

Eric Hines, GCIA, CISSP
CEO, President
Applied Watch Technologies, LLC

mac subbu wrote:
> Hi,
> Is it possible to filter out SID from a particular source in snort ???
> And if possible how can we achieve that
>
> Thanks and regards
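
An added example, not part of the original message and not Snort's own code: a small Python check that parses suppress entries in the format quoted above and reports whether a given alert would be silenced, which helps when auditing what a threshold.conf hides. The sample configuration, sig_id 1000001 and the function names are constructed for illustration, and only a single address or CIDR block after "ip" is handled.

```python
import ipaddress

# Constructed sample in the threshold.conf format quoted above.
# sig_id 1000001 is a made-up local SID; '#' lines are comments and stay inactive.
SAMPLE_CONF = """\
# suppress gen_id 1, sig_id 1852
suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54
suppress gen_id 1, sig_id 1000001, track by_dst, ip 10.1.1.0/24
"""

def parse_suppress(conf_text):
    """Return the active suppress entries as dicts (hypothetical helper)."""
    rules = []
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split(None, 1)
        if len(words) < 2 or words[0] != "suppress":
            continue
        fields = {}
        for part in words[1].split(","):
            kv = part.split()
            if len(kv) == 2:
                fields[kv[0]] = kv[1]
        if "gen_id" not in fields or "sig_id" not in fields:
            continue  # not a usable entry
        net = fields.get("ip")
        rules.append({
            "gen_id": int(fields["gen_id"]),
            "sig_id": int(fields["sig_id"]),
            "track": fields.get("track"),
            "net": ipaddress.ip_network(net, strict=False) if net else None,
        })
    return rules

def is_suppressed(rules, gen_id, sig_id, src, dst):
    """True if an alert with this generator/SID and endpoints matches an entry."""
    for r in rules:
        if (r["gen_id"], r["sig_id"]) != (gen_id, sig_id):
            continue
        if r["track"] is None and r["net"] is None:
            return True  # no track/ip: every event for this SID is suppressed
        side = {"by_src": src, "by_dst": dst}.get(r["track"])
        if side is not None and r["net"] is not None \
                and ipaddress.ip_address(side) in r["net"]:
            return True
    return False

if __name__ == "__main__":
    rules = parse_suppress(SAMPLE_CONF)
    print(is_suppressed(rules, 1, 1852, "10.1.1.54", "192.0.2.10"))
```
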