OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: [Snort-users] snort 2.9.2 disable alerts for so_rules (p2p)

From: Jørgen Bøhnsdalen (Jorgen.Bohnsdalennhn.no)
Date: Fri Feb 03 2012 - 02:12:00 CST

This message contains a digitally signed email which can be read by opening the attachment.
Vennlig hilsen

Jørgen Bøhnsdalen
Sikkerhetsanalytiker ved Nasjonal HelseCSIRT/HealthcareCSIRT
Norsk Helsenett
+47 7356 5883 | +47 468 23 721
www.nhn.no

Denne e-post er kun bestemt for mottakeren nevnt over. Hvis du ved en feil skulle motta denne meldingen, må du ikke sende den videre eller kopiere den. Vennligst informer avsender og slett meldingen og eventuelle vedlegg fra din PC. Norsk Helsenett SF påtar seg ikke ansvar for endringer av innholdet etter at meldingen er sendt. Overføring av e-post er ikke garantert å være sikker, konfidensiell eller feilfri, fordi informasjon kan avbrytes, forvrenges, tapes, ødelegges, bli forsinket, være ufull­stendig eller inneholde skadelig kode. E-posten ble sjekket for skadelig kode før utsendelse fra Norsk Helsenett SF.

attached mail follows:

On 2/2/2012 20:14, Joel Esler wrote:
>> If you comment the rule out in the stub file as JJ suggested, it
>> should turn the rule off.

>even if it specifically stated that the file is auto-generated and not to manually edit it??
>if the above is true, then the header message really should reflect such ;)

What about suppressing the rule? Suppressing the rule in threshold.conf will disable alerts from the rule but not disable the rule itself.

suppress gen_id 3, sig_id 7019

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  • application/pgp-signature attachment: PGP.sig