suppress by host
From the rule description at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Rules and suppress example at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ignoring_Traffic it's unclear if it's possible to suppress alerts for a particular hostname.
The problem is that the rule description does not mention "suppress" at all, while the documentation on ignoring traffic is very brief and it's unclear how one could suppress alerts for the traffic going to (or from) my.host.com.
Updated by god lol over 7 years ago
My personal use-case is SIP, where it can also be extracted directly in theory (no corresponding Suricata helper yet). Although I can see how it can be handy regardless of the protocol, so having infrastructure to do DNS requests and cache the results for the correct time would definitely be useful.