[Bro] General Whitelisting IP's or Domains
al.kefallonitis at gmail.com
Thu Nov 29 09:34:45 PST 2018
Hi, and thanks for the response.
I want to be able to apply the whitelist in all of the above as a generic
solution when something is spamming or hits as a false positive. So is there
any generic solution?
Thanks in advance,
On Thu, 29 Nov 2018 at 7:30 PM, Azoff, Justin S <
jazoff at illinois.edu> wrote:
> > Is there a generic way to whitelist certain IPs/Subnets or Domains in
> > local.bro for the whole Bro configuration as not to produce logs and or
> > For e.g. whitelist 18.104.22.168 or google.com ?
> It depends.. if you wanted to ignore ALL traffic to 22.214.171.124 you could add
> redef restrict_filters += [ ["not-google-dns"] = "not (host 126.96.36.199)" ];
> Ignoring a 'google.com' is possible as well, but a little more involved
> since it could appear in dns, ssl, or http logs. Is there a particular kind
> of log you are seeing domains in that you want to ignore, or all of the above?
> - Justin
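An added example, not part of the thread or of Bro itself: a small Python helper that turns a reviewed whitelist of IPs and subnets into one BPF expression of the `not (host ...)` kind used as the `restrict_filters` value in the reply above. The function names, the sample addresses and the `MIN_PREFIX` width limit are assumptions of this example; domain names are rejected because a packet filter matches addresses, and anything the filter excludes produces no Bro logs at all.

```python
import ipaddress

# Constructed sample whitelist (documentation ranges, not values from the thread).
SAMPLE_WHITELIST = ["192.0.2.53", "198.51.100.0/24", "2001:db8::53", "google.com"]

# Assumed safety limit: refuse to exclude networks wider than this per IP version,
# since every excluded address becomes a monitoring blind spot.
MIN_PREFIX = {4: 16, 6: 32}


def bpf_term(entry):
    """Return a pcap-filter term for one IP or CIDR entry, or raise ValueError."""
    # strict=True rejects entries such as 198.51.100.7/24 (host bits set),
    # which usually indicate a typo in the whitelist.
    net = ipaddress.ip_network(entry.strip(), strict=True)
    if net.prefixlen == net.max_prefixlen:
        return "host %s" % net.network_address
    if net.prefixlen < MIN_PREFIX[net.version]:
        raise ValueError("%s is too broad to exclude" % entry)
    return "net %s" % net.with_prefixlen


def build_restrict_filter(entries):
    """Build one 'not (...)' expression; return (expression, rejected entries)."""
    terms, rejected = [], []
    for entry in entries:
        try:
            term = bpf_term(entry)
        except ValueError as exc:
            # Domains and malformed entries land here and are reported, not guessed.
            rejected.append((entry, str(exc)))
            continue
        if term not in terms:
            terms.append(term)
    if not terms:
        return None, rejected
    return "not (%s)" % " or ".join(terms), rejected


if __name__ == "__main__":
    expression, rejected = build_restrict_filter(SAMPLE_WHITELIST)
    print("filter value:", expression)
    for entry, reason in rejected:
        print("rejected:", entry, "-", reason)
```
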