Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Snort Priority Blocking

    pfSense Packages
    3
    4
    1477
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Atlantisman last edited by

      Hello,

      I was wondering if there was a way in snort to only block Priority 1 alerts and just ignore 2 and 3 when it comes to blocking?

      Thanks.

      1 Reply Last reply Reply Quote 0
      • BBcan177
        BBcan177 Moderator last edited by

        I don't think so, you should disable rules or use suppression's for that. I haven't tried, but you might be able to use a "pass" rule in the custom.rules tab.

        Are there particular Alerts that are causing you trouble?

        1 Reply Last reply Reply Quote 0
        • bmeeks
          bmeeks last edited by

          @Atlantisman:

          Hello,

          I was wondering if there was a way in snort to only block Priority 1 alerts and just ignore 2 and 3 when it comes to blocking?

          Thanks.

          No, for Snort "any alert = block" if block offenders is enabled.  It does not look at priority.

          Bill

          1 Reply Last reply Reply Quote 0
          • A
            Atlantisman last edited by

            Thanks for your assistance bmeeks!

            1 Reply Last reply Reply Quote 0

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2020 Rubicon Communications, LLC | Privacy Policy