Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Wildcard Suppress list

    Scheduled Pinned Locked Moved IDS/IPS
    2 Posts 2 Posters 547 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bmcguire007
      last edited by

      Hello

      We receive a large amount of the same group alerts

      ET CINS Active Threat Intelligence Poor Reputation IP TCP group 97

      This always is group 97, 98,34,34  ect

      Is there a way to suppress this alert without adding each one one by one ?

      Example

      ET CINS Active Threat Intelligence Poor Reputation IP TCP  .

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        No, I don't believe the binary supports text wildcards.  You can use very large network blocks by specifying a large subnet mask when you suppress by IP, but that trick does not work for text.  The only supported options for suppression are "by IP" and "by GID:SID".

        Bill

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.