Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Snort - How to Supress priority "3" events

    pfSense Packages
    2
    3
    1494
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jrmitchell83 last edited by

      Hello,

      I'm running pfSense 2.0.1 and just installed Snort. I love the autoblocking feature however Snort picks up on events that really are just warnings and then blocks the hosts IP, etc. I know I can suppress the individual events so they are flagged in the future but I'm looking for the magic syntax to drop into the suppress dialog to skip say priority "3" events that I really don't care about. This would allow for me to leave the system automatically blocking the real threats and simply skip the warnings.

      Anyone know how to do this or otherwise have any other ways of accomplishing? As stated above I don't want to create separate individual suppress statements for each event that accidentally gets captured I'm simply looking for a way to only pick up on priority 1 and 2 events.

      Thank you!!
      -Justin

      1 Reply Last reply Reply Quote 0
      • J
        jrmitchell83 last edited by

        Nobody has any insight on this?

        1 Reply Last reply Reply Quote 0
        • M
          moe2006 last edited by

          Well, I am faced with the same problem. Therefore I dont dare to activate the blocking feature in pfsense snort. The only thing you can do is to go through ALL the rules an activate only those which are relevant to your network (i.e. disable rules for INFO, POLICY, and so on). If there are still alerts you have to add them to the suppress list and unblock affected hosts.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy