[Oisf-users] Fwd: Threshold.conf not working
Josh Brower
Josh at defensivedepth.com
Sun Jan 6 20:15:26 UTC 2013
I am using Suricata with the latest version of Security Onion (12.04),
which uses Suricata 1.3.3. I have threshold.conf with 18 entries. I have
verified that Suricata loaded those 18 rules on startup ("Threshold config
parsed: 18 rule(s) found")
But I still get alerts firing for these entries... For example, in my
threshold.conf:
#Suppress - ET CNC Shadowserver Reported CnC Server IP (group 38) for
SOSERVER- False Positive - 12/12
suppress gen_id 1, sig_id 2404037, track by_dst, ip 72.8.140.222
I restart Suricata, and I still get this alert firing for the dst IP
of 72.8.140.222.
What should I tshoot next?
Thanks
-Josh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130106/2482c65a/attachment-0002.html>
More information about the Oisf-users
mailing list