[Bro] General Whitelisting IP's or Domains

Alex Kefallonitis al.kefallonitis at gmail.com
Thu Nov 29 09:34:45 PST 2018

Hi and thanks for the response

 I want to be able to apply the whitelist in all of the above as generic
solution when something is spamming or hits as false positive. So is there
any generic solution ?

Thanks in advanced,
Alex Kefallonitis

Στις Πέμ, 29 Νοε 2018 στις 7:30 μ.μ., ο/η Azoff, Justin S <
jazoff at illinois.edu> έγραψε:

> > Is there a generic way to whitelist certain IP's/Subets or Domains in
> local.bro for the whole Bro configuration as not to produce logs and or
> notices.
> >
> > For e.g whitelist or  google.com ?
> It depends.. if you wanted to ignore ALL traffic to you could add
> this:
>     redef restrict_filters += [ ["not-google-dns"] = "not (host"
> ];
> Ignoring a 'google.com' is possible as well, but a little more involved
> since it
> could appear in dns, ssl, or http logs.  Is there a particular kind of log
> that
> you are seeing domains in that you want to ignore, or all of the above?
> --
> - Justin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20181129/36d94e9c/attachment.html 

More information about the Bro mailing list