Netgate SG-1000 microFirewall

Author Topic: Wildcard Suppress list  (Read 127 times)

0 Members and 1 Guest are viewing this topic.

Offline bmcguire007

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Wildcard Suppress list
« on: January 19, 2018, 08:59:03 pm »
Hello

We receive a large amount of the same group alerts

ET CINS Active Threat Intelligence Poor Reputation IP TCP group 97


This always is group 97, 98,34,34  ect

Is there a way to suppress this alert without adding each one one by one ?

Example

ET CINS Active Threat Intelligence Poor Reputation IP TCP  *.*


Offline bmeeks

  • Hero Member
  • *****
  • Posts: 3295
  • Karma: +862/-0
    • View Profile
Re: Wildcard Suppress list
« Reply #1 on: January 20, 2018, 09:31:49 am »
No, I don't believe the binary supports text wildcards.  You can use very large network blocks by specifying a large subnet mask when you suppress by IP, but that trick does not work for text.  The only supported options for suppression are "by IP" and "by GID:SID".

Bill