Looking for documentation for Ignore Portscans and Blacklists

  • Question
  • Updated 4 years ago

Gavin Murphy

Posted 4 years ago

Aisling Brennan, Official Rep

The recommended mechanism to disable portscans/netscans is to specify under sensor settings the IP address of the host to be ignored in the field Machines to ignore for portscans.

This is an accurate and effective method to ignore portscanners and netscanners.

Specify an IP address or a range of IP addresses which are to be ignored by the Snoopy portscan and netscan module. No portscan or netscan events will be recorded for the specified IP addresses. (Separate multiple IP addresses with a comma.)

-

The blacklist setting for the sensor relates to the Bad Accesses being recorded by the sensors. If there are systems that you wish to exclude from the blacklist recording then you add the system here.

You should set the parameter similar to the netscan/portscan settings above.