Filter and "not dropped"
-
All,
It would be helpful to have a checkbox selection for "Not Dropped" in the filtering section for Suricata/Snort. Particuarly of interest when the engine is "INLINE". Various rules may be "alert" (instead of drop) - being able to quickly review those to see if additional tweaks/tunings (conversion to "drop") are required.
Thanks!
-
@justme2 said in Filter and "not dropped":
All,
It would be helpful to have a checkbox selection for "Not Dropped" in the filtering section for Suricata/Snort. Particuarly of interest when the engine is "INLINE". Various rules may be "alert" (instead of drop) - being able to quickly review those to see if additional tweaks/tunings (conversion to "drop") are required.
Thanks!
Are you talking about on the RULES tab? If so I can add that to my TODO list for a future update.
-
Actually, was thinking: Services -> <IDS/IPS Engine> -> Alerts
The ability to remove drops while doing regular spot checking and see what triggered an alert (not a "drop") - has become more interesting.
For: Services -> <IDS/IPS Engine> -> Interfaces -> <Interface> -> Rules, a means to reduce the list via a valid action type would be most appreciated.
Thanks!
-
@justme2 said in Filter and "not dropped":
Actually, was thinking: Services -> <IDS/IPS Engine> -> Alerts
The ability to remove drops while doing regular spot checking and see what triggered an alert (not a "drop") - has become more interesting.
For: Services -> <IDS/IPS Engine> -> Interfaces -> <Interface> -> Rules, a means to reduce the list via a valid action type would be most appreciated.
Thanks!
Oh, I see. It's not hard to add the feature to that page either. I'll put that on the TODO list as well.
