surpressing noisy suricata alerts.

deekdeeker · September 06, 2019, 01:42:05 AM

Is there any way to suppress an alert with the signature ID and source + destination IPs? from the GUi it looks like its just source + destination IP, which is a little too broad and dont want to disable some rules altogether.

I think this is just adding a custom rules config somewhere but where ?

Thanks

surpressing noisy suricata alerts.

deekdeeker

September 06, 2019, 01:42:05 AM