From b52cf82910b70c825a55f31d7f4fac08240e58e8 Mon Sep 17 00:00:00 2001 From: hackintosh1984 <10142369+hackintosh1984@users.noreply.github.com> Date: Thu, 7 Dec 2023 09:30:07 -0600 Subject: [PATCH] Update managing-alerts.rst added information about adding multiple IPs/networks to a suppression threshold config using a comma --- managing-alerts.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/managing-alerts.rst b/managing-alerts.rst index 4d773d83..38b3463d 100644 --- a/managing-alerts.rst +++ b/managing-alerts.rst @@ -140,6 +140,16 @@ For example, suppose you want to suppress SID 2013030 where the source IP addres track: by_src ip: 10.10.3.0/24 +If you want to suppress SID 2013030 for multiple IPs where source IP address is in the 10.10.3.0/24 subnet and also IP address 10.0.0.5 simply separate them with a comma: + +:: + + 2013030: + - suppress: + gen_id: 1 + track: by_src + ip: 10.10.3.0/24,10.0.0.5 + Flowbits --------
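Review bot: The sentence added ahead of the new `::` literal block is a run-on and calls a subnet plus a single host "multiple IPs". Consider rewording it to something like "To suppress SID 2013030 for more than one source, for example the 10.10.3.0/24 subnet and the host 10.0.0.5, separate the entries with a comma:". The example writes `ip: 10.10.3.0/24,10.0.0.5` with no space after the comma, but the text does not say whether whitespace around the comma is accepted. Stating that explicitly would save readers from a suppression entry that does not match what they intended. The example also only shows `track: by_src`, so it would help to say whether the comma-separated form works the same way for the other track options, if the surrounding section documents any.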