Netgate Discussion Forum

    Suricata default rules

    • Antibiotic

      Hi,
      Can someone explain: if I have the Snort subscriber rules, can I untick all the Suricata default rules (do these rules duplicate each other)? Is that better for security and false alerts, or will it reduce security because the two rule sets do not duplicate each other and work in combination? I am using Suricata in inline mode with IPS Policy Mode - Policy.

      pfSense plus 24.11 on Topton mini PC
      CPU: Intel N100
      NIC: Intel i-226v 4 pcs
      RAM : 16 GB DDR5
      Disk: 128 GB NVMe
      Brgds, Archi

      • SteveITS

        @Antibiotic I have not used the subscriber rules. I would only enable rules for the things you are protecting, for example web server rules. I do not think it would hurt to have overlapping rules, other than extra CPU time processing the packet twice.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!
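
As an added example (not part of either post, and not pfSense or Suricata code): a small Python script that estimates how much two rule files overlap by finding enabled rules on each side that cite the same reference, such as the same CVE. The sample rules, SIDs and CVE ids are constructed placeholders, and treating a shared reference as a sign of duplication is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample rules for illustration; SIDs, messages and CVE ids are placeholders.
SNORT_SAMPLE = r'''
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SERVER-WEBAPP example path traversal"; flow:to_server,established; content:"/../"; reference:cve,2099-0001; sid:1000001; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"OS-WINDOWS example SMB probe"; reference:cve,2099-0002; sid:1000002; rev:1;)
# alert tcp any any -> any any (msg:"disabled example"; reference:cve,2099-0003; sid:1000003; rev:1;)
'''
ET_SAMPLE = r'''
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER example path traversal"; flow:established,to_server; http.uri; content:"/../"; reference:cve,2099-0001; sid:1000101; rev:3;)
alert dns $HOME_NET any -> any any (msg:"ET DNS example lookup"; dns.query; content:"example.invalid"; reference:url,example.invalid/advisory; sid:1000102; rev:1;)
alert tcp any any -> any any (msg:"ET example disabled elsewhere"; reference:cve,2099-0003; sid:1000103; rev:1;)
'''

ACTION = re.compile(r'^(alert|drop|reject|pass)\s')
SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
MSG = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"')
REF = re.compile(r'\breference\s*:\s*([\w-]+)\s*,\s*([^;]+?)\s*;')

def parse_rules(text):
    """Return {sid: {"msg": str, "refs": set of (type, value)}} for enabled rules only."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not ACTION.match(line):      # skips blanks and '#'-commented (disabled) rules
            continue
        sid = SID.search(line)
        if not sid:
            continue
        msg = MSG.search(line)
        refs = {(t.lower(), v.lower()) for t, v in REF.findall(line)}
        rules[int(sid.group(1))] = {"msg": msg.group(1) if msg else "", "refs": refs}
    return rules

def shared_references(a, b):
    """Map each reference cited in both sets to the SIDs citing it on each side."""
    index = defaultdict(lambda: (set(), set()))
    for side, rules in enumerate((a, b)):
        for sid, rule in rules.items():
            for ref in rule["refs"]:
                index[ref][side].add(sid)
    return {ref: sides for ref, sides in index.items() if sides[0] and sides[1]}

def overlap_ratio(a, b):
    """Fraction of rules in `a` that share at least one reference with a rule in `b`."""
    hit = set().union(*(s[0] for s in shared_references(a, b).values()))
    return len(hit) / len(a) if a else 0.0
```

A low ratio in either direction means disabling one set would remove coverage the other does not provide; rules without any `reference` keyword are not compared by this check.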

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.