Hey folks,
I’ve tried a couple of different rules to tune out this vulnerability scanner, but I still seem to be getting a boatload of alerts from it and I can’t determine why. There must be something I’m missing. Any pointers would be much appreciated. Here are the rules I put in place to filter out the alerts (obviously not the real address):
For alerts where srcip is parsed (this appears to work):
<rule id="100080" level="0">
  <srcip>1.2.3.4</srcip>
  <description>Ignore any alert from X</description>
</rule>
For all other alerts:
<rule id="100130" level="0">
  <match>1.2.3.4</match>
  <description>Ignore any alert from X</description>
</rule>
Thanks,
Noah