Update managing-alerts.rst
added information about adding multiple IPs/networks to a suppression threshold config using a comma
hackintosh1984 authored Dec 7, 2023
1 parent 9c12951 commit b52cf82
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions managing-alerts.rst
Expand Up @@ -140,6 +140,16 @@ For example, suppose you want to suppress SID 2013030 where the source IP addres
track: by_src
ip: 10.10.3.0/24

If you want to suppress SID 2013030 for multiple IPs where source IP address is in the 10.10.3.0/24 subnet and also IP address 10.0.0.5 simply separate them with a comma:

::

2013030:
- suppress:
gen_id: 1
track: by_src
ip: 10.10.3.0/24,10.0.0.5

Flowbits
--------
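
Review bot: The added sentence that introduces the example (the line beginning "If you want to suppress SID 2013030 for multiple IPs") is hard to parse and does not say what form the `ip` value may take. Consider rewording it along the lines of "To suppress SID 2013030 for more than one source, for example the 10.10.3.0/24 subnet and the host 10.0.0.5, separate the entries with a comma:" and stating whether a space after the comma is accepted, since the example `ip: 10.10.3.0/24,10.0.0.5` shows only the no-space form. It would also help to say that `track: by_src` applies to every entry in the list, so each address added here is another source for which this SID no longer alerts.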
