Hello,
my plan is to block
Alert ET SCAN Potential SSH Scan
Alert sid 2001219
Rule but allow it for a specific set of IPs.
We do run internal quality scanner and monitoring probes.
Is this somehow possible as the rule can "just" be set to allow (alert) or block?
thank you very much!
cheers A