I have a rule that is causing me a lot of false positives. This rule is always triggered from the same source IP to the same destination IP.
I want to suppress this rule only from that specific combination of destination and source IP. If I use the “track by_src” or “track by_dst”, it will suppress all the alerts from or to those IPs.
I only want to suppress the rule from IP x to IP y.