List: security-onion
Subject: [security-onion] Can't Suppress or Disable Sensitive data/http_inspect preprocessor rules
From: "Drew D." <dixon1dw () gmail ! com>
Date: 2014-02-27 17:18:31
Message-ID: 41de8ccd-075c-4444-a188-2b0c5a0aa79a () googlegroups ! com
Hi,
I replied to an extremely closely related older thread but am starting a new one here at Doug's request:
I cannot get the following alerts to suppress and they are cluttering up my metrics and ability to monitor for legitimate alerts:
sensitive_data: sensitive data global threshold exceeded
sensitive_data: sensitive data - eMail addresses
http_inspect: HTTP RESPONSE GZIP DECOMPRESSION FAILED
I've added them to /etc/nsm/rules/threshold.conf using my network CIDR range and also tried using 0.0.0.0/0 when my network CIDR range didn't appear to be working to suppress the alerts; this still did not suppress them.
I've been focusing on the sensitive data alerts/rules trying to get them to shut up, but no matter what I do it doesn't seem to work. Via suggestion in the old thread I mentioned, I went into snort.conf and commented out the line for the sensitive data preprocessor to totally disable it, but when I did this my snort service would not start for some reason. I also went into the pulledpork disabled conf and added the sensitive data preprocessor; this didn't prevent the snort service from running but it also didn't kill the alerts either.
At this point I don't know what else I can do to suppress these; any and all help and suggestions would be greatly appreciated.
-Drew
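
An added example, not part of the message above and not Security Onion or Snort code: a small Python check that reads `suppress` lines in Snort's threshold.conf syntax and reports whether an alert with a given generator ID (gid) and signature ID (sid) would match one. The sample file contents, the addresses and the gid:sid pairs (138 for sensitive_data, 120 for http_inspect) are assumptions; compare them with the gid:sid shown in your own alerts.

```python
import ipaddress
import re

# Constructed sample of a threshold.conf. The gid:sid pairs are assumptions to
# confirm against the gid:sid printed in your own alerts.
SAMPLE_CONF = """\
# wrong generator: gen_id 1 is for text rules, not preprocessor events
suppress gen_id 1, sig_id 5
suppress gen_id 138, sig_id 1
suppress gen_id 138, sig_id 5, track by_src, ip 192.168.0.0/16
suppress gen_id 120, sig_id 6, track by_dst, ip 0.0.0.0/0
"""

# Matches "suppress gen_id G, sig_id S" with an optional "track ..., ip CIDR".
# Simplification: a single address or CIDR only, no bracketed IP lists.
LINE = re.compile(
    r"^suppress\s+gen_id\s+(\d+)\s*,\s*sig_id\s+(\d+)"
    r"(?:\s*,\s*track\s+(by_src|by_dst)\s*,\s*ip\s+(\S+))?\s*$")

def parse_suppress(text):
    """Return (gid, sid, track, network); track/network are None if untracked."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        m = LINE.match(line)
        if m:
            gid, sid, track, ip = m.groups()
            net = ipaddress.ip_network(ip, strict=False) if ip else None
            rules.append((int(gid), int(sid), track, net))
    return rules

def is_suppressed(rules, gid, sid, src, dst):
    """True if any entry with the same gid AND sid covers this alert."""
    for r_gid, r_sid, track, net in rules:
        if (r_gid, r_sid) != (gid, sid):
            continue  # an entry under another generator never applies
        if track is None:
            return True  # untracked entry suppresses the event for all hosts
        addr = ipaddress.ip_address(src if track == "by_src" else dst)
        if addr in net:
            return True
    return False

if __name__ == "__main__":
    rules = parse_suppress(SAMPLE_CONF)
    for gid, sid in [(138, 1), (138, 5), (120, 6)]:
        # Constructed alert endpoints: source 10.1.2.3, destination 203.0.113.9
        print(gid, sid, is_suppressed(rules, gid, sid, "10.1.2.3", "203.0.113.9"))
```

In the sample, the 138:5 alert is not suppressed: the `gen_id 1` entry names the wrong generator and the tracked entry's CIDR does not contain the source address.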