Set Suppression for an Intrusion Rule in Snort 3

You can set one or more suppressions for a rule in your intrusion policy.

Before you begin

Ensure that you have created the network objects that you want to add for source or destination suppression.

Procedure


Step 1

Choose Policies > + Show more > Security policies > Intrusion Rules.

Step 2

Click the Snort 3 All Rules tab.

Step 3

Click the None link in the intrusion rule’s Alert Configuration column.

Step 4

Click Edit (edit icon).

Step 5

From the Suppressions tab, click Add (add icon) next to any of the following options:

  • Choose Source Networks to suppress events generated by packets originating from a specified source IP address.

  • Choose Destination Networks to suppress events generated by packets going to a specified destination IP address.

Step 6

Select any of the preset networks in the Network drop-down list.

Step 7

Click Save.

Step 8

(Optional) Repeat the last three steps if required.

Step 9

Click Save in the Alert Configuration window.


What to do next

Deploy configuration changes; see Deploy Configuration Changes.