Feature #1137

closed

Support IP lists in threshold.config

Added by Duane Howard about 10 years ago. Updated almost 9 years ago.

Status: Closed
Priority: Normal

Description

Snort currently supports lists like:
suppress gen_id 1, sig_id 12345, track by_src, ip [10.1.1.1,10.1.2.3,192.168.1.9]

The same requires multiple rules in Suricata:
suppress gen_id 1, sig_id 12345, track by_src, ip 10.1.1.1
suppress gen_id 1, sig_id 12345, track by_src, ip 10.1.2.3
suppress gen_id 1, sig_id 12345, track by_src, ip 192.168.1.9
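
A workaround for the difference described above, as an added example (not part of the original issue and not Suricata's code): it expands list-style suppress lines into the one-address-per-line form. The function names and the sample input are hypothetical, and list entries are assumed to be plain IPv4/IPv6 addresses or CIDR blocks.

```python
import ipaddress
import re

# A suppress line whose ip option is a bracketed list (the Snort form quoted above).
_LIST_RE = re.compile(r"^(?P<head>\s*suppress\b.*?\bip\s+)\[(?P<ips>[^\]]*)\]\s*$")

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# constructed sample threshold.config
suppress gen_id 1, sig_id 12345, track by_src, ip [10.1.1.1,10.1.2.3,192.168.1.9]
suppress gen_id 1, sig_id 2000001, track by_dst, ip 192.168.0.0/16
"""


def expand_suppress(line):
    """Return the single-address suppress lines equivalent to one input line.

    Comments, other rule types and single-address suppress lines pass through unchanged.
    """
    stripped = line.rstrip("\n")
    if stripped.lstrip().startswith("#"):
        return [stripped]
    m = _LIST_RE.match(stripped)
    if m is None:
        return [stripped]
    out = []
    for item in (part.strip() for part in m.group("ips").split(",")):
        if not item:
            continue  # tolerate a trailing or doubled comma
        # Raises ValueError on a malformed entry, so a typo fails here
        # instead of yielding a suppression that never matches.
        ipaddress.ip_network(item, strict=False)
        out.append(m.group("head") + item)
    if not out:
        raise ValueError(f"empty ip list: {stripped!r}")
    return out


def expand_config(text):
    """Expand every list-style suppress line in a threshold.config body."""
    lines = []
    for line in text.splitlines():
        lines.extend(expand_suppress(line))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(expand_config(SAMPLE), end="")
```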
