Snort Priority Blocking
-
Hello,
I was wondering if there was a way in snort to only block Priority 1 alerts and just ignore 2 and 3 when it comes to blocking?
Thanks.
-
I don't think so, you should disable rules or use suppression's for that. I haven't tried, but you might be able to use a "pass" rule in the custom.rules tab.
Are there particular Alerts that are causing you trouble?
-
Hello,
I was wondering if there was a way in snort to only block Priority 1 alerts and just ignore 2 and 3 when it comes to blocking?
Thanks.
No, for Snort "any alert = block" if block offenders is enabled. It does not look at priority.
Bill
-
Thanks for your assistance bmeeks!
