How to suppress multiple IP's for 1 suricata rule, this is not docummented

[sleepingbel]

Version

2.4.70

Installation Method

Security Onion ISO image

Description

upgrading

Installation Type

Standalone

Location

on-prem with Internet access

Hardware Specs

Exceeds minimum requirements

CPU

16 v-CPU

RAM

48 GB

Storage for /

250 GB

Storage for /nsm

1.66 TB

Network Traffic Collection

span port

Network Traffic Speeds

Less than 1Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

How can we add multiple IP for surpressing for the Suricata Rules, there is no mention of it in the manual

When I add the IP to the first surpress filter with a comma between the two IP's i get this message and it is not possible to save

If I try to add two surpress filters I get this alert, what in my point of view is correct because you need to add the IP to the first filter.

Regards
Bart

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[jpancrazio]

I added another condition and track on the same rule with the second IP, and did for additional as well -- seems to have worked for me.

[sleepingbel]

Strange, if I add a second line as a filter today, it works