Project

General

Profile

Actions

Feature #1389

open

suppress by host

Added by god lol over 9 years ago. Updated over 7 years ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

From the rule description at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Rules and suppress example at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ignoring_Traffic it's unclear if it's possible to supress alert for particular hostname.

The problem is that rule description doese not mention "supress" at all, while the documentation on ignoring traffic is very brief and it's unclear how one could suppress alerts for the traffic going to (or from) my.host.com

Actions

Also available in: Atom PDF