Hello all.
I am using Snorby in NST. I want to get logs for all other IP addresses except one IP for a particular trigger. So I used the ! (exclamation mark) before the destination section (in downloaded.rules) and did a rule-update:
alert any any -> !192.168.1.1 3389 .......contd.....
But I still get logs for the 192.168.1.1 IP along with the other IPs. Is there any other place I should touch?
Thanks