Netgate Discussion Forum

Suricata Inline Mode automate rule action selection

IDS/IPS
  • ericlee
    Mar 12, 2023, 8:56 AM

    Suricata is configured in inline mode on the LAN interface only. I ran it for a month in alert-only mode, reviewed those alerts, and it is now in blocking mode.

    But it seems that it is a manual process to modify from alert to drop, and I am looking for a way to have all enabled rules configured as drop.

    Coming from a Sonicwall environment to pfSense+: with the Sonicwalls, all high-priority attacks in IPS are set to automatically drop from a global config setting. This is what I am trying to do with pfSense/Suricata, and I am not sure if there is a way or not.

    Eric

    • bmeeks
      Mar 12, 2023, 7:30 PM (last edited by bmeeks Mar 13, 2023, 3:11 AM)

      You want to use the features on the SID MGMT tab. Enable that feature by checking the box, and then review the content of the provided sample configuration files. The sample files contain examples with comments explaining what the examples do.

      This Sticky Post found at the top of this sub-forum also has some instructions for using SID MGMT: https://forum.netgate.com/topic/128480/how-automatic-sid-management-and-user-rule-overrides-work-in-snort-and-suricata.

      • ericlee
        Mar 14, 2023, 5:27 PM

        Thanks, I will work on it and follow up if I have more questions.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.