Is it possible, for example, to allow SQL inject testing for our web app scanner and at the same time deny all others, to create a custom rule for just that particular sig?
This would allow us to really ratchet down our systems utilizing the web app scanner, but at the same time max-protect for all other potential attackers.
It is possible for your IP from being denied or producing alert while other IPs will follow your normal rules.
For that please follow the following procedure.
2. Click on tab EventActionFilter (third tab)
3. Click Add and set the following information:
a. SigID: Specify your particular or leave default
b. SubSigID: your sigID or leave default
c. AttackerAddress: your Computer IP
d. AtaackerPort: leave default
e. Victim Address: Your Server IP or leave default
f. VictimPort: leave default
g. RiskRating leave default
h. Action to Subtract: Select the Signature You don't want to fire or can select all.
[press and hold and click for multiple select Signature]
Reset leave default.
4. Click Ok
5. Click Apply
Doing this your ip will not produce alter while doing your PenTest.