Hey folks,
I've tried a couple of different rules to tune out this vulnerability scanner,
but I still seem to be getting a boatload of alerts from it and I can't determine
why. There must be something I'm missing. Any pointers would be much
appreciated. Here are the rules I put in place to filter out the alerts
(obviously not the real address):
For alerts where srcip is parsed (this appears to work):
<rule id="100080" level="0">
  <srcip>1.2.3.4</srcip>
  <description>Ignore any alert from X</description>
</rule>
For all other alerts:
<rule id="100130" level="0">
  <match>1.2.3.4</match>
  <description>Ignore any alert from X</description>
</rule>
Thanks,
Noah
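As an added example (not part of Noah's post or of OSSEC itself), the script below reads an OSSEC-style alerts.log and reports, per rule ID, how many alerts involve the scanner's address and whether that address arrived in the decoded "Src IP" field or only inside the raw log text. This separates the alerts a `<srcip>` rule can see from the ones that only a `<match>` on the raw line can catch, and it gives the rule IDs that are still firing. The alerts.log layout follows OSSEC's usual "** Alert" blocks; the sample entries are constructed here and the address 1.2.3.4 is the placeholder from the post.

```python
import re
from collections import OrderedDict

# Constructed sample of OSSEC alerts.log entries (not taken from the post).
SAMPLE_ALERTS = """\
** Alert 1390000000.1001: - syslog,sshd,authentication_failed,
2014 Jan 17 10:00:01 host1->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 1.2.3.4
User: root
Jan 17 10:00:01 host1 sshd[2201]: Failed password for root from 1.2.3.4 port 40001 ssh2

** Alert 1390000000.2002: - web,accesslog,
2014 Jan 17 10:00:05 host1->/var/log/httpd/access_log
Rule: 31101 (level 5) -> 'Web server 400 error code.'
Src IP: 1.2.3.4
1.2.3.4 - - [17/Jan/2014:10:00:05 +0000] "GET /nonexistent HTTP/1.1" 404 209 "-" "scanner/1.0"

** Alert 1390000000.3003: - syslog,errors,
2014 Jan 17 10:00:09 host1->/var/log/messages
Rule: 1002 (level 2) -> 'Unknown problem somewhere in the system.'
Jan 17 10:00:09 host1 kernel: error: connection reset by 1.2.3.4 while scanning

** Alert 1390000000.4004: - syslog,sshd,authentication_failed,
2014 Jan 17 10:00:12 host1->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 10.0.0.9
User: admin
Jan 17 10:00:12 host1 sshd[2210]: Failed password for admin from 10.0.0.9 port 50010 ssh2
"""

ALERT_HEADER = re.compile(r"^\*\* Alert (\S+): - (.*)$")
RULE_LINE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")
SRCIP_LINE = re.compile(r"^Src IP: (\S+)$")
# Decoded fields OSSEC prints between the Rule line and the raw log text.
DECODED_PREFIXES = ("Src IP: ", "Dst IP: ", "User: ", "Src Port: ", "Dst Port: ")


def parse_alerts(text):
    """Split alerts.log text into a list of alert dicts."""
    alerts = []
    current = None
    for line in text.splitlines():
        header = ALERT_HEADER.match(line)
        if header:
            current = {"id": header.group(1), "groups": header.group(2),
                       "rule": None, "level": None, "description": None,
                       "srcip": None, "log": [], "_seen_rule": False}
            alerts.append(current)
            continue
        if current is None or not line.strip():
            continue
        rule = RULE_LINE.match(line)
        if rule:
            current["rule"] = int(rule.group(1))
            current["level"] = int(rule.group(2))
            current["description"] = rule.group(3)
            current["_seen_rule"] = True
            continue
        if not current["_seen_rule"]:
            continue  # the "date host->location" line before the Rule line
        srcip = SRCIP_LINE.match(line)
        if srcip:
            current["srcip"] = srcip.group(1)
            continue
        if line.startswith(DECODED_PREFIXES):
            continue  # other decoded fields we do not need here
        current["log"].append(line)  # everything else is the raw log text
    for a in alerts:
        del a["_seen_rule"]
    return alerts


def summarize_alerts(text, ip):
    """Per rule ID: alerts mentioning ip, split by where the address showed up."""
    # Match the address as a whole token, so 1.2.3.4 does not hit 1.2.3.45.
    ip_re = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])")
    summary = OrderedDict()
    for a in parse_alerts(text):
        in_decoded = a["srcip"] == ip
        in_raw = any(ip_re.search(l) for l in a["log"])
        if not (in_decoded or in_raw):
            continue
        s = summary.setdefault(a["rule"], {"description": a["description"],
                                           "count": 0, "decoded_srcip": 0,
                                           "raw_only": 0})
        s["count"] += 1
        if in_decoded:
            s["decoded_srcip"] += 1   # a <srcip> rule can see these
        else:
            s["raw_only"] += 1        # only a <match> on the log text can
    return summary


if __name__ == "__main__":
    for rule_id, s in summarize_alerts(SAMPLE_ALERTS, "1.2.3.4").items():
        print(f"rule {rule_id} ({s['description']}): {s['count']} alerts, "
              f"{s['decoded_srcip']} with decoded Src IP, {s['raw_only']} raw-text only")
```

Run it against the real alerts.log (for example `summarize_alerts(open("/var/logs/alerts/alerts.log").read(), ip)`) to get the list of rule IDs still firing for the scanner; the "raw_only" column is the set of alerts that the `<srcip>`-based rule cannot suppress.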