We receive a lot of files from an automated system which makes a new ftp connection for each file. Rule 11452 fires (as it should) when we get 10 successive logins. I've added the client IP to the whitelist so they don't get blocked, but now I get LOADS of emails and alerts telling me that I'm getting "Multiple FTP connection attempts from same source IP".
How can I fix this? I know I can remove the alert, but generally it's a good rule, so I don't want to do that. I'd be happy to get one email / alert per day for a given rule/srcip, but not one every few seconds. Ideally, if a source IP is white listed, I'd rather not get emails / alerts.
