[Bro] General Whitelisting IP's or Domains

Alex Kefallonitis al.kefallonitis at gmail.com
Mon Dec 17 05:04:55 PST 2018


So I cannot find any other way for generic whitelisting. I am not so sure
how DNS could work. Any suggestions?

On Thu, 29 Nov 2018 at 7:34 PM, Alex Kefallonitis <
al.kefallonitis at gmail.com> wrote:

> Hi and thanks for the response
>
> I want to be able to apply the whitelist in all of the above as a generic
> solution when something is spamming or hits as a false positive. So is there
> any generic solution?
>
> Thanks in advance,
> Alex Kefallonitis
>
> On Thu, 29 Nov 2018 at 7:30 PM, Azoff, Justin S <
> jazoff at illinois.edu> wrote:
>
>> > Is there a generic way to whitelist certain IPs/Subnets or Domains in
>> > local.bro for the whole Bro configuration so as not to produce logs
>> > and/or notices?
>> >
>> > For e.g. whitelist 8.8.8.8 or google.com?
>>
>> It depends.. if you wanted to ignore ALL traffic to 8.8.8.8 you could add
>> this:
>>
>>     redef restrict_filters += [ ["not-google-dns"] = "not (host 8.8.8.8)" ];
>>
>> Ignoring a 'google.com' is possible as well, but a little more involved
>> since it could appear in dns, ssl, or http logs.  Is there a particular
>> kind of log that you are seeing domains in that you want to ignore, or
>> all of the above?
>>
>> --
>> - Justin
>
>
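
One way to handle the domain case that the quoted reply calls more involved, as an added example that is not from the thread: a log filter predicate on each of the dns, ssl and http streams drops records whose name matches a whitelist pattern. The names `log_whitelist`, `is_whitelisted` and the `keep_*` functions are hypothetical, the google.com pattern is a constructed sample, and the script assumes Bro 2.x with the stock "default" log filters in place.

```bro
# Added example, not from the thread. Names and the pattern are illustrative.
# Matches google.com and any subdomain. It is compared with ==, so the
# whole name has to match the pattern, not just a substring of it.
const log_whitelist = /(.*\.)?google\.com/ &redef;

function is_whitelisted(name: string): bool
    {
    return log_whitelist == to_lower(name);
    }

# One predicate per log stream. Returning F drops the record from the log.
function keep_dns(rec: DNS::Info): bool
    {
    return ! (rec?$query && is_whitelisted(rec$query));
    }

function keep_ssl(rec: SSL::Info): bool
    {
    return ! (rec?$server_name && is_whitelisted(rec$server_name));
    }

function keep_http(rec: HTTP::Info): bool
    {
    return ! (rec?$host && is_whitelisted(rec$host));
    }

event bro_init()
    {
    # Adding a filter under the existing name "default" replaces the stock one.
    local f = Log::get_filter(DNS::LOG, "default");
    f$pred = keep_dns;
    Log::add_filter(DNS::LOG, f);

    f = Log::get_filter(SSL::LOG, "default");
    f$pred = keep_ssl;
    Log::add_filter(SSL::LOG, f);

    f = Log::get_filter(HTTP::LOG, "default");
    f$pred = keep_http;
    Log::add_filter(HTTP::LOG, f);
    }
```

The predicates only affect what is written to dns.log, ssl.log and http.log; the traffic is still analyzed, so conn.log entries and notices for the same hosts are unaffected, unlike with the `restrict_filters` approach.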