I don't agree. Only being able to whitelist a Signature is like taking a sledghammer to crack a nut. We are seeing false positives caused by signatures, so being able to whitelist based on a source and destination ip adress would be a really good idea. At the moment I have 2 options. Don't whitlelist and keep seeing the same false positive being flagged in security events (which incidently means a ticket is raised every time) or whitelist the signature but then potentially miss a a true positive event (which really is not what I would do).
... View more
