Can't add suppression rules anymore…
The Snort module has a handy little feature which allows you to add suppression rules based on alerts received. I had accidentally added the same rule twice and decided to delete them from the suppression list and start again. Once I deleted the rules from the suppression list, it no longer allowed me to add anymore rules. Have I messed something up?
Let me know. Thanks!
Just tried this in my virtual machine. Its true, if you delete wansuppress oder parts of it, you cannot add further sids to this suppress list…
Try to reinstall the snort package.. hope that helps