Topics tagged under "alerts"

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

L

New Router. Backup Restored. No Snort Alerts now

Watching Ignoring Scheduled Pinned Locked Moved pfSense Packages snort alerts not working
3

0 Votes

3 Posts

583 Views

L

@bmeeks :
Ok. So I disabled and unassigned the WAN Sort interface. Then copied it back to the newly unused WAN interface, enabled and started it and...... IT WORKED!!! I'm getting Alerts and its generating blocks as before the upgrade!

Same name as before, but apparently an internal interface mapping in Snort was still looking for the old WAN interface id.

Thanks!!!
F

Suricata on Backup PFSense give me alerts

Watching Ignoring Scheduled Pinned Locked Moved IDS/IPS suricata ha carp alerts
7

0 Votes

7 Posts

1k Views

S

@farazb59 The “stream” events ruleset seems to generate a lot of false positives. Consider just turning it off, which is what we do.

Curious how any traffic goes through the secondary, if it hasn’t become master?
T

Suricata Alerts - ET INFO Observed DNS Query to .biz TLD

Watching Ignoring Scheduled Pinned Locked Moved IDS/IPS suricata ids ips alerts
9

1 Votes

9 Posts

16k Views

T

@bmeeks

Kk Sounds good,

Thanks my friend will check it out, and I will ask my isp about that because I am seeing a whole range of ips in the same scope as my public wan ip as well as ips that look to be going to different ip addresses not related to me at all and are on the same subnet as my public wan.

Thanks again.

New Router. Backup Restored. No Snort Alerts now

Suricata on Backup PFSense give me alerts

Suricata Alerts - ET INFO Observed DNS Query to .biz TLD