Suppressing Intrusion Events for a Specific Rule
You can suppress intrusion event notification for a rule or rules in your intrusion policy. When notification is suppressed for a rule, the rule triggers but events are not generated. You can set one or more suppressions for a rule. The first suppression listed has the highest priority. When two suppressions conflict, the action of the first is carried out.
Note that a Revert appears in a field when you enter an invalid value; click it to revert to the last valid value for that field or to clear the field if there was no previous value.
Procedure
Step 1: Choose .
Step 2: Click Snort 2 Version next to the policy you want to edit. If View () appears instead, the configuration belongs to an ancestor domain, or you do not have permission to modify the configuration.
Step 3: Click Rules immediately under Policy Information in the navigation panel.
Step 4: Choose the rule or rules for which you want to configure suppression conditions.
Step 5: Choose .
Step 6: Choose a Suppression Type.
Step 7: If you chose Source or Destination for the suppression type, in the Network field enter the IP address, address block, or variable you want to specify as the source or destination IP address, or a comma-separated list comprised of any combination of these.
Step 8: Click OK.
Step 9: To save changes you made in this policy since the last policy commit, click Policy Information, then click Commit Changes. If you leave the policy without committing changes, changes since the last commit are discarded if you edit a different policy.
What to do next
- Deploy configuration changes.
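The following added example (not part of the product or its documentation) checks a Network field value of the kind described in Step 7 and reports which suppression in an ordered list would silence a given event, so you can review what a suppression hides before committing it. The `$NAME` variable syntax, the variable table, the function names, and the first-match model of suppression priority are assumptions made for illustration.

```python
import ipaddress

# Constructed variable table (assumption); a real policy takes these from its variable set.
VARIABLES = {"$HOME_NET": ["10.0.0.0/8"], "$DNS_SERVERS": ["10.1.1.53"]}

def parse_network_field(text, variables=VARIABLES):
    """Parse a comma-separated list of IP addresses, address blocks and variables.

    Returns a list of ip_network objects; raises ValueError on any bad entry.
    """
    networks = []
    for item in (part.strip() for part in text.split(",")):
        if not item:
            raise ValueError("empty entry in list")
        if item.startswith("$"):
            if item not in variables:
                raise ValueError(f"unknown variable {item}")
            values = variables[item]
        else:
            values = [item]
        for value in values:
            # A single address becomes a /32 (or /128) network.
            networks.append(ipaddress.ip_network(value, strict=False))
    return networks

def first_matching_suppression(suppressions, src, dst):
    """Return the index of the first suppression that covers the event, else None.

    suppressions is an ordered list of (suppression_type, network_field) pairs,
    where suppression_type is "Rule", "Source" or "Destination". The first
    entry has the highest priority, so evaluation stops at the first match.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, (stype, field) in enumerate(suppressions):
        if stype == "Rule":
            return index  # suppresses every event for the rule
        addr = src_ip if stype == "Source" else dst_ip
        if any(addr in net for net in parse_network_field(field)):
            return index
    return None

# Constructed sample: two suppressions on one rule, in priority order.
SAMPLE = [("Source", "$DNS_SERVERS, 192.0.2.0/24"), ("Destination", "$HOME_NET")]
```

An event that returns `None` still generates a notification; any other return value identifies the suppression responsible for the missing event.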