[Oisf-users] [OT] Auto enabling SID drops

Phil Daws uxbod at splatnix.net
Tue Apr 15 08:57:04 UTC 2014


Hello, 

have started to test Suricata for use at work and have a question regarding the enabling of rules. Am using the ET ruleset and see Suricata alerting on the following: 

[1:2500074:3206] ET COMPROMISED Known Compromised or Hostile Host Traffic group 38 [Classification: Misc Attack] [Priority: 2] 

is there anyway to get specific classifications to automatically drop packets ? I know one can add the sid to dropsid.conf but wondered if there was another way.

Thanks, Phil




More information about the Oisf-users mailing list