[Oisf-users] Newbie question - what to drop?

Nelson, Cooper cnelson at ucsd.edu
Tue Mar 19 17:05:58 UTC 2019


Best practice is to run suricata in IDS mode, monitor it and convert alerts to DROP rules where possible.

-Coop

-----Original Message-----
From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> On Behalf Of Diego M. Vadell
Sent: Tuesday, March 19, 2019 8:38 AM
To: oisf-users at lists.openinfosecfoundation.org
Subject: [Oisf-users] Newbie question - what to drop?

Hello everybody,

    I have installed suricata and it's working great. Now I'd like to start dropping packets. From what I understood, I have to make transformation rules in /etc/suricata/drop.conf.

    What is advised to drop? severity: 1 alerts? single rules? anything that contains "trojan"? What do you people drop?

Thanks in advance,
 -- Diego.
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

Conference: https://suricon.net
Trainings: https://suricata-ids.org/training/
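One way to turn the "monitor alerts, then convert to DROP" practice above into a repeatable step, as an added example that is not from either poster: it reads EVE JSON alert records, applies a conservative policy (severity 1 and at least MIN_HITS firings), and renders the selected signatures in the `gid:sid` line form that suricata-update's drop.conf accepts. The sample records, the sids and the MIN_HITS threshold are constructed for illustration.

```python
"""Build a suricata-update drop.conf fragment from observed EVE alerts."""
import json
from collections import Counter

MIN_HITS = 2  # assumed policy: a signature must fire at least this often

# Constructed sample EVE JSON records (not real traffic; sids are placeholders).
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"10.0.0.5","alert":{"gid":1,"signature_id":1000001,"signature":"TEST Malware beacon","severity":1}}
{"event_type":"alert","src_ip":"10.0.0.6","alert":{"gid":1,"signature_id":1000001,"signature":"TEST Malware beacon","severity":1}}
{"event_type":"alert","src_ip":"10.0.0.7","alert":{"gid":1,"signature_id":1000002,"signature":"TEST Info policy","severity":3}}
{"event_type":"alert","src_ip":"10.0.0.8","alert":{"gid":1,"signature_id":1000003,"signature":"TEST Exploit attempt","severity":1}}
{"event_type":"flow","src_ip":"10.0.0.9"}
"""


def count_alerts(eve_lines):
    """Return {(gid, sid): (signature, severity, hits)} for alert events only."""
    counts = Counter()
    meta = {}
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # skip a malformed line instead of aborting the whole run
        if ev.get("event_type") != "alert":
            continue  # flow, dns, http ... records carry no signature
        a = ev["alert"]
        key = (a.get("gid", 1), a["signature_id"])
        counts[key] += 1
        meta[key] = (a["signature"], a["severity"])
    return {k: (meta[k][0], meta[k][1], n) for k, n in counts.items()}


def select_drops(stats, max_severity=1, min_hits=MIN_HITS):
    """Signatures meeting the policy, sorted by (gid, sid)."""
    return sorted(k for k, (_, sev, n) in stats.items()
                  if sev <= max_severity and n >= min_hits)


def render_drop_conf(stats, drops):
    """Emit drop.conf lines: a comment per signature, then its 'gid:sid' entry."""
    out = ["# generated from EVE alerts; review each entry before deploying"]
    for gid, sid in drops:
        sig, sev, n = stats[(gid, sid)]
        out.append(f"# {sig} (severity {sev}, {n} hits)")
        out.append(f"{gid}:{sid}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    stats = count_alerts(SAMPLE_EVE.splitlines())
    print(render_drop_conf(stats, select_drops(stats)), end="")
```

Only the signature that is both severity 1 and seen twice is emitted; the severity 3 signature and the single-hit severity 1 signature stay as alerts until more evidence accumulates.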

