Re: [ossec-list] ignore interval but...

2012-08-11 Thread Michael Starks
On 08/10/2012 10:17 AM, Kat wrote:
> JB & Michael - good thoughts - only one problem, I have 4000 hosts. Gonna make for a very lonnngg rules file.

Oh, I see. You want a different ignore interval for each host.

> My thought on this is simple - more so for alerting on attacks/issues as they

Re: [ossec-list] ignore interval but...

2012-08-10 Thread Kat
JB & Michael - good thoughts - only one problem, I have 4000 hosts. Gonna make for a very lonnngg rules file. My thought on this is simple - more so for alerting on attacks/issues as they move around. Or for the audit rules - another reason for this. Here is the situation - let's say an

Re: [ossec-list] ignore interval but...

2012-08-10 Thread ign...@vault13.lt
On 2012.08.10 06:02, Michael Starks wrote:
> On 08/07/2012 04:53 PM, Kat wrote:
>> Ok, here is a tricky one I can't figure out.. I have a simple rule with an ignore=7200 so it does not fire too much. BUT, what if I only want to set the ignore PER HOST? In other words, if it triggers on another host

Re: [ossec-list] ignore interval but...

2012-08-09 Thread Michael Starks
On 08/07/2012 04:53 PM, Kat wrote:
> Ok, here is a tricky one I can't figure out.. I have a simple rule with an ignore=7200 so it does not fire too much. BUT, what if I only want to set the ignore PER HOST? In other words, if it triggers on another host it should alert then set the ignore timer. Y

[ossec-list] ignore interval but...

2012-08-07 Thread Kat
Ok, here is a tricky one I can't figure out.. I have a simple rule with an ignore=7200 so it does not fire too much. BUT, what if I only want to set the ignore PER HOST? In other words, if it triggers on another host it should alert then set the ignore timer. Yeah, I am not aware of a clean/sim