0 Comments

[Snort-sigs] (snort decoder) Bad Traffic Same Src/Dst IP {trying to supress alerts from certain IP’s}

Question

I’m trying to suppress alerts from 2 machines where this traffic is normal. When using base to identify the SID it says the SID is 151 but when I search snort.org I can not find THIS rule. I have searched high and low to find references to this specific instance of the rule (I have already suppressed SID 527).

I have run grep in my rules directory to find the rule that is creating this alert to no avail. …