[Oisf-users] Suricata not blocking bad traffic
Leonard
ljacobs at netsecuris.com
Tue Jul 10 12:48:49 UTC 2018
You want to use one of the signature management tools that can automatically manage the signatures that can set the actions you want. See the Suricata docs.
> On Jul 10, 2018, at 7:31 AM, gatodiablo at protonmail.com wrote:
>
> Ok. It's easy enough to use sed to change the alerts to drops, but what about the next time updated rules are downloaded? I would have to change them again. I use emerging threat rules and they all appear to be alert only. Surely there is a simpler way to solve this?
>
> -------- Original Message --------
> On Jul 9, 2018, 1:08 PM, Andreas Herz <andi at geekosphere.org> wrote:
>
> On 08/07/18 at 21:58, gatodiablo at protonmail.com wrote:
> > Alert I think. Do I need a different set of rules to run in IPS mode? I ideally want it to both alert and drop anything that matches a rule.
>
> Yes you need to change the action keyword from 'alert' to 'drop' or it
> won't be dropped/blocked. You will still get an "alert" message as well
> which also mentions the drop.
>
> --
> Andreas Herz
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please notify Netsecuris management at mgmt at netsecuris.com. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Netsecuris Inc. The integrity and security of this message cannot be guaranteed on the Internet
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180710/979793a1/attachment.html>
More information about the Oisf-users
mailing list
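A sketch of the kind of post-download step a signature-management tool performs, added here as an example and not taken from the thread or from any Suricata tool: it rewrites `alert` to `drop` for rules selected by SID or by regex, leaves disabled rules alone, and can be re-run after every rule update. The selector format, the function names and the sample rules are assumptions of this example.

```python
import re

# An enabled rule line: optional indent, the 'alert' action, then header and (options).
RULE_RE = re.compile(r"^(\s*)alert(\s+\S.*\(.*\)\s*)$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample rules (not real Emerging Threats signatures).
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE SSH scan"; sid:1000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE TROJAN checkin"; sid:1000002; rev:3;)
# alert dns any any -> any any (msg:"EXAMPLE TROJAN disabled rule"; sid:1000003; rev:1;)
alert icmp any any -> any any (msg:"EXAMPLE INFO ping"; sid:1000004; rev:1;)
"""

# Hypothetical selector file contents: a bare SID, or 're:<pattern>'.
SELECTORS = ["# rules that should block in IPS mode", "1000001", "re:EXAMPLE TROJAN"]


def load_selectors(lines):
    """Split selector lines into a set of SIDs and a list of compiled regexes."""
    sids, patterns = set(), []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("re:"):
            patterns.append(re.compile(line[3:], re.IGNORECASE))
        else:
            sids.add(int(line))
    return sids, patterns


def to_drop(rules_text, selectors):
    """Return (new_text, changed_sids). Only enabled 'alert' rules are rewritten,
    so commented-out rules stay disabled and a second run changes nothing."""
    sids, patterns = load_selectors(selectors)
    out, changed = [], []
    for line in rules_text.splitlines():
        m, sid = RULE_RE.match(line), SID_RE.search(line)
        if m and sid and (int(sid.group(1)) in sids
                          or any(p.search(line) for p in patterns)):
            line = m.group(1) + "drop" + m.group(2)
            changed.append(int(sid.group(1)))
        out.append(line)
    return "\n".join(out) + "\n", changed


if __name__ == "__main__":
    new_text, changed = to_drop(SAMPLE_RULES, SELECTORS)
    print(new_text, "changed to drop:", changed)
```

Keeping the selector list in a file outside the rules directory means a fresh rule download does not overwrite the choice of which signatures block.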