[Oisf-users] Newbie question - what to drop?

Diego M. Vadell dvadell at lantech.com.ar
Tue Mar 19 15:38:24 UTC 2019

Hello everybody,

    I have installed suricata and it's working great. Now I'd like to start 
dropping packets. For what I understood, I have to make transformation rules 
in /etc/suricata/drop.conf.

    What is adviced to drop? severity: 1 alerts? single rules? anything that 
contains "trojan"? What do you people drop?

Thanks in advance,
 -- Diego.

More information about the Oisf-users mailing list