<div dir="ltr">Definitely should have. What rules are you running? Just the ET Open?<div><br></div><div style>Have your vars set right?</div><div style><br></div><div style>Are you seeing other events?</div><div style><br>
</div><div style>Matt</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Mar 29, 2013 at 5:04 PM, Leonard Jacobs <span dir="ltr"><<a href="mailto:ljacobs@netsecuris.com" target="_blank">ljacobs@netsecuris.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal">Why would Suricata events not be triggered when running a vulnerability scanner?  I ran OpenVAS against a couple of public IP addresses on our network and not a single event was triggered.  I would have thought that at least emerging-scan.rules would trigger.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Thanks.<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">Leonard Jacobs<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">President/CEO<u></u><u></u></span></p><p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">Netsecuris Inc.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">9301 Bryant Avenue S<u></u><u></u></span></p><p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">Suite 104<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">Minneapolis, MN 55420<u></u><u></u></span></p><p class="MsoNormal"><span style="font-family:"Arial","sans-serif""><a href="tel:%28952%29%20641-1421%20ext.%2020" value="+19526411421" target="_blank">(952) 641-1421 ext. 20</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif""><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-family:"Arial","sans-serif""><a href="http://www.netsecuris.com" target="_blank">http://www.netsecuris.com</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif""><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-family:"Arial","sans-serif""><img border="0" width="288" height="96" src="cid:image001.jpg@01CE2C97.109028D0" alt="logo_tagline3x1"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif""><u></u> <u></u></span></p><p class="MsoNormal"><u></u> <u></u></p></div></div><br>_______________________________________________<br>

Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
OISF: <a href="http://www.openinfosecfoundation.org/" target="_blank">http://www.openinfosecfoundation.org/</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><br><br>----------------------------------------------------<br>
Matt Jonkman<br>Emerging Threats Pro<br>Open Information Security Foundation (OISF)<br>Phone 866-504-2523 x110<br><a href="http://www.emergingthreatspro.com" target="_blank">http://www.emergingthreatspro.com</a><br><a href="http://www.openinfosecfoundation.org" target="_blank">http://www.openinfosecfoundation.org</a><br>
----------------------------------------------------
</div>