[Oisf-users] Newbie question - what to drop?

Nelson, Cooper cnelson at ucsd.edu
Tue Mar 19 17:05:58 UTC 2019

Best practice is to run suricata in IDS mode, monitor it and convert alerts to DROP rules where possible.


-----Original Message-----
From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> On Behalf Of Diego M. Vadell
Sent: Tuesday, March 19, 2019 8:38 AM
To: oisf-users at lists.openinfosecfoundation.org
Subject: [Oisf-users] Newbie question - what to drop?

Hello everybody,

    I have installed suricata and it's working great. Now I'd like to start dropping packets. For what I understood, I have to make transformation rules in /etc/suricata/drop.conf.

    What is adviced to drop? severity: 1 alerts? single rules? anything that contains "trojan"? What do you people drop?

Thanks in advance,
 -- Diego.
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

Conference: https://suricon.net
Trainings: https://suricata-ids.org/training/

More information about the Oisf-users mailing list