[Oisf-users] [OT] Auto enabling SID drops
Phil Daws
uxbod at splatnix.net
Tue Apr 15 08:57:04 UTC 2014
Hello,
have started to test Suricata for use at work and have a question regarding the enabling of rules. Am using the ET ruleset and see Suricata alerting on the following:
[1:2500074:3206] ET COMPROMISED Known Compromised or Hostile Host Traffic group 38 [Classification: Misc Attack] [Priority: 2]
is there anyway to get specific classifications to automatically drop packets ? I know one can add the sid to dropsid.conf but wondered if there was another way.
Thanks, Phil
More information about the Oisf-users
mailing list