Negative Filtering

  • Andy

    Andy - 2004-12-01

    Maybe I overlooked this but I haven't found an option to negative filter events. Is this functionality available?

    • Kevin Johnson

      Kevin Johnson - 2004-12-02

      Could you explain what you mean by negative filtering?

    • Andy

      Andy - 2004-12-08

      Sorry for the delayed response - By negative filtering I mean, is it possible to configure BASE to ignore events that you specify? For instance...if I regularly run NMAP scans from a particular IP address against my network, the event queue fills up with the info from these scans. Could I configure base to say...ignore the ipaddress and the traffic of this type? This would cut down on the amount of events I see in my queue.

    • Funkskillet

      Funkskillet - 2004-12-09

      It seems to me the best option would be to use a pass rule and/or threshold/suppression rules in snort.


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks