Wildcard Suppress list
-
Hello
We receive a large number of the same group of alerts:
ET CINS Active Threat Intelligence Poor Reputation IP TCP group 97
It is always group 97, 98, 34, 34, etc.
Is there a way to suppress this alert without adding each one, one by one?
Example:
ET CINS Active Threat Intelligence Poor Reputation IP TCP .
-
No, I don't believe the binary supports text wildcards. You can use very large network blocks by specifying a large subnet mask when you suppress by IP, but that trick does not work for text. The only supported options for suppression are "by IP" and "by GID:SID".
Bill
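Since the suppress list only accepts entries by IP or by GID:SID, the practical workaround is to apply the text match once, against the rules file rather than inside the binary, and emit one `suppress gen_id N, sig_id N` line per matching SID. The script below is an added example, not code from this thread or from the Snort/Suricata packages; the rule lines and SIDs in it are constructed for illustration, and the `msg_pattern` argument is a regular expression of my choosing (so `group \d+` stands in for the wildcard asked about above). The output uses the standard `suppress` syntax from threshold.conf, with the optional `track`/`ip` form for limiting the suppression to a subnet.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample rules in Snort/Suricata syntax. The SIDs, networks and
# msg strings are made up for this example and need not match the real ET set.
SAMPLE_RULES = """\
alert ip [192.0.2.0/24] any -> $HOME_NET any (msg:"ET CINS Active Threat Intelligence Poor Reputation IP TCP group 97"; classtype:misc-attack; sid:2403396; rev:1;)
alert ip [198.51.100.0/24] any -> $HOME_NET any (msg:"ET CINS Active Threat Intelligence Poor Reputation IP TCP group 98"; classtype:misc-attack; sid:2403397; rev:1;)
alert ip [203.0.113.0/24] any -> $HOME_NET any (msg:"ET CINS Active Threat Intelligence Poor Reputation IP UDP group 34"; classtype:misc-attack; sid:2403433; rev:1;)
# alert ip any any -> $HOME_NET any (msg:"ET CINS Active Threat Intelligence Poor Reputation IP TCP group 12"; sid:2403311; rev:1;)
alert tcp any any -> $HOME_NET 22 (msg:"ET SCAN Potential SSH Scan"; classtype:attempted-recon; sid:2001219; rev:20;)
"""


class Match(NamedTuple):
    gid: int
    sid: int
    msg: str


MSG_RE = re.compile(r'msg:\s*"((?:[^"\\]|\\.)*)"')   # msg may contain \" escapes
SID_RE = re.compile(r'\bsid:\s*(\d+)\s*;')
GID_RE = re.compile(r'\bgid:\s*(\d+)\s*;')


def find_matching_rules(rules_text: str, msg_pattern: str) -> List[Match]:
    """Return (gid, sid, msg) for every active rule whose msg matches the regex.

    Disabled rules (commented out with '#') are skipped, so rules you have
    already turned off do not produce redundant suppress entries. Rules
    without an explicit gid: keyword get gid 1, which is what the
    suppress list expects for ordinary text rules.
    """
    pattern = re.compile(msg_pattern)
    found: List[Match] = []
    for raw in rules_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        msg = MSG_RE.search(line)
        sid = SID_RE.search(line)
        if not msg or not sid or not pattern.search(msg.group(1)):
            continue
        gid_match = GID_RE.search(line)
        gid = int(gid_match.group(1)) if gid_match else 1
        found.append(Match(gid, int(sid.group(1)), msg.group(1)))
    return sorted(found, key=lambda m: (m.gid, m.sid))


def render_suppress(matches: List[Match],
                    track: Optional[str] = None,
                    ip: Optional[str] = None) -> List[str]:
    """Render suppress-list lines, one per SID, each preceded by a comment.

    With track and ip set, the entry only suppresses alerts whose source
    (by_src) or destination (by_dst) falls in the given address or CIDR;
    without them the SID is suppressed for all traffic.
    """
    if (track is None) != (ip is None):
        raise ValueError("track and ip must be given together")
    if track is not None and track not in ("by_src", "by_dst"):
        raise ValueError(f"track must be by_src or by_dst, got {track!r}")
    lines: List[str] = []
    for m in matches:
        entry = f"suppress gen_id {m.gid}, sig_id {m.sid}"
        if track is not None:
            entry += f", track {track}, ip {ip}"
        lines.append(f"# {m.msg}")
        lines.append(entry)
    return lines


if __name__ == "__main__":
    hits = find_matching_rules(SAMPLE_RULES, r"Poor Reputation IP TCP group \d+")
    print("\n".join(render_suppress(hits)))
```

Point it at the real rules file (for example the ET `emerging-ciarmy.rules` file) and paste the output into the suppress list; re-run it after each rule update, because new group SIDs appear over time and a generated list only covers the rules that existed when it was produced.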