<div dir="ltr">Hi guys,<div><br></div><div>I've been reading a bit about Suricata and doing some tests. I've read that Suricata can be configured to work inline (as an IPS). I've also noticed that in order to block an attack, one must change the corresponding action in the rule and set it to 'drop' or 'reject'.</div>
<div><br></div><div>My question is: is there a way to set a default block action, making Suricata block every query that triggers a rule? Or do I have to replace every "alert" pattern with a "drop/reject" in every rule?</div>
<div><br></div><div>Thanks a lot.</div><div><br></div><div>Aline</div><div><br></div></div>