Drop rule question
genesislubrigas
I would just like to ask if this is how dropsid syntax is to be done.
I placed the above rule in dropsid-sample.conf and selected it under Drop SID File. Suricata detected and alerted on ET TROJAN downadup/Conficker A or B Worm reporting; however, it is not dropping it, since the highlight is not in red.