27 Jan 2005, 7:27 p.m.
Is there a way to stop rules from processing after issuing an alert (maybe it already does it)?
What I am looking for is specific alerts in the beginning of the file that would alert people to problems. Once the alert was issued, it would stop after processing that definition (with a keyword STOP or something). This would allow me to create specific rules in the beginning of the file (for specific hosts, services, etc.) and then a catchall at the bottom.
If the specific rules were triggered, the generic catchall would not be.
Chris