3. Snort - How to Supress priority "3" events

Snort - How to Supress priority "3" events

  • J

    Hello,

    I'm running pfSense 2.0.1 and just installed Snort. I love the autoblocking feature however Snort picks up on events that really are just warnings and then blocks the hosts IP, etc. I know I can suppress the individual events so they are flagged in the future but I'm looking for the magic syntax to drop into the suppress dialog to skip say priority "3" events that I really don't care about. This would allow for me to leave the system automatically blocking the real threats and simply skip the warnings.

    Anyone know how to do this or otherwise have any other ways of accomplishing? As stated above I don't want to create separate individual suppress statements for each event that accidentally gets captured I'm simply looking for a way to only pick up on priority 1 and 2 events.

    Thank you!!
    -Justin

    0
  • J

    Nobody has any insight on this?

    0
  • M

    Well, I am faced with the same problem. Therefore I dont dare to activate the blocking feature in pfsense snort. The only thing you can do is to go through ALL the rules an activate only those which are relevant to your network (i.e. disable rules for INFO, POLICY, and so on). If there are still alerts you have to add them to the suppress list and unblock affected hosts.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy