[Oisf-users] Question

Leonard Jacobs ljacobs at netsecuris.com
Sat Mar 30 15:14:26 UTC 2013

The only event I am getting is ET POLICY Unusual number of DNS No Such Name Responses.
From: mjonkman at emergingthreatspro.com [mailto:mjonkman at emergingthreatspro.com] On Behalf Of Matt Jonkman
Sent: Saturday, March 30, 2013 8:40 AM
To: Leonard Jacobs
Cc: oisf-users at openinfosecfoundation.org; Eric Leblond
Subject: Re: [Oisf-users] Question
Definitely should have. What rules are you running? Just the ET Open?
Have your vars set right?
Are you seeing other events?
On Fri, Mar 29, 2013 at 5:04 PM, Leonard Jacobs <ljacobs at netsecuris.com> wrote:
Why would Suricata events not be triggered when running a vulnerability scanner?  I ran OpenVAS against a couple of public IP addresses on our network and not a single event was triggered.  I would have thought that at least emerging-scan.rules would trigger.
Leonard Jacobs
Netsecuris Inc.
9301 Bryant Avenue S
Suite 104
Minneapolis, MN 55420
(952) 641-1421 ext. 20

Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
OISF: http://www.openinfosecfoundation.org/


Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130330/6648bd2d/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 20970 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130330/6648bd2d/attachment-0002.jpg>

More information about the Oisf-users mailing list