Netgate Discussion Forum

    Drop rule question

    IDS/IPS
    1 Posts 1 Posters 764 Views
      genesislubrigas

      I would just like to ask if this is how the dropsid syntax is to be done.

      emerging-attack_response,emerging-botcc.portgrouped,emerging-botcc,emerging-compromised,emerging-dos,emerging-dshield,emerging-exploit,emerging-malware,emerging-misc,emerging-mobile_malware,emerging-p2p,emerging-tor,emerging-trojan,emerging-worm,snort_backdoor,snort_botnet-cnc,snort_ddos,snort_dos,snort_malware-backdoor,snort_malware-cnc,snort_malware-other,snort_malware-tools,snort_misc,snort_p2p,snort_pua-p2p,snort_specific-threats,snort_spyware-put,snort_virus,GPLv2_community

      I placed the above rule in dropsid-sample.conf and selected it in Drop SID File. Suricata detected it and raised an alert for ET TROJAN downadup/Conficker A or B Worm reporting; however, it is not dropping it, since the highlight is not in red.

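      The post does not say what the drop list actually did to the loaded rules, and that is the check worth making: Suricata in inline/IPS mode only blocks a packet when the matching rule's action is drop, so a rule that still begins with alert will be reported but never dropped, whatever the drop list says. The script below is an added example, not code from the original post, from pfSense or from the Suricata project. It assumes a drop-list format of one entry per line or per comma-separated field (gid:sid, a bare SID taken as gid 1, or a rule-category name with or without the .rules suffix, with # starting a comment); it rewrites the action of every matching rule from alert to drop and then reports the action each SID ends up with, which is how to confirm whether a given alert's SID was really converted. The rule lines and SIDs are constructed samples.

```python
"""Rewrite Suricata rule actions from alert to drop for entries in a drop list.

Added example, not pfSense's or Suricata's own code. Assumed drop-list format:
entries separated by newlines or commas, each either "gid:sid", a bare "sid"
(gid 1), or a category name such as "emerging-worm" / "emerging-worm.rules";
anything after '#' on a line is a comment. All rules and SIDs are constructed.
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample rules, keyed by the category file they would live in.
SAMPLE_RULES: Dict[str, List[str]] = {
    "emerging-worm.rules": [
        'alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WORM sample A"; sid:9000001; rev:1;)',
        'alert udp $HOME_NET any -> any 53 (msg:"ET WORM sample B"; sid:9000002; rev:2;)',
    ],
    "emerging-trojan.rules": [
        'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN sample C"; sid:9000003; rev:1;)',
        '# alert tcp any any -> any any (msg:"ET TROJAN disabled sample"; sid:9000004; rev:1;)',
    ],
}

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
GID_RE = re.compile(r"\bgid\s*:\s*(\d+)\s*;")
ACTION_RE = re.compile(r"^(alert)(\s)")  # only alert rules are promoted


def _norm_category(name: str) -> str:
    """Normalise a category name so 'x' and 'x.rules' compare equal (assumed)."""
    name = name.strip().lower()
    return name[:-6] if name.endswith(".rules") else name


def parse_drop_list(text: str) -> Tuple[Set[Tuple[int, int]], Set[str]]:
    """Return (gid/sid pairs, category names) from drop-list text."""
    sids: Set[Tuple[int, int]] = set()
    categories: Set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]          # drop trailing comment
        for entry in line.split(","):         # assumed: commas also separate entries
            entry = entry.strip()
            if not entry:
                continue
            if re.fullmatch(r"\d+:\d+", entry):
                gid, sid = entry.split(":")
                sids.add((int(gid), int(sid)))
            elif entry.isdigit():
                sids.add((1, int(entry)))     # Suricata's default gid is 1
            else:
                categories.add(_norm_category(entry))
    return sids, categories


def apply_drop_list(rules_by_category: Dict[str, List[str]], drop_text: str):
    """Return (rewritten rules, list of (gid, sid) converted to drop)."""
    sids, categories = parse_drop_list(drop_text)
    rewritten: Dict[str, List[str]] = {}
    converted: List[Tuple[int, int]] = []
    for category, lines in rules_by_category.items():
        whole_category = _norm_category(category) in categories
        out: List[str] = []
        for line in lines:
            m_sid = SID_RE.search(line)
            # Commented-out (disabled) rules and lines without a sid stay untouched.
            if line.lstrip().startswith("#") or m_sid is None:
                out.append(line)
                continue
            sid = int(m_sid.group(1))
            m_gid = GID_RE.search(line)
            gid = int(m_gid.group(1)) if m_gid else 1
            if whole_category or (gid, sid) in sids:
                line, n = ACTION_RE.subn(r"drop\2", line)
                if n:
                    converted.append((gid, sid))
            out.append(line)
        rewritten[category] = out
    return rewritten, converted


def action_by_sid(rules_by_category: Dict[str, List[str]]) -> Dict[Tuple[int, int], str]:
    """Map every enabled rule's (gid, sid) to its action keyword.

    Use this to check whether the SID shown in an alert is really 'drop'.
    """
    actions: Dict[Tuple[int, int], str] = {}
    for lines in rules_by_category.values():
        for line in lines:
            m_sid = SID_RE.search(line)
            if line.lstrip().startswith("#") or m_sid is None:
                continue
            m_gid = GID_RE.search(line)
            gid = int(m_gid.group(1)) if m_gid else 1
            actions[(gid, int(m_sid.group(1)))] = line.split(None, 1)[0]
    return actions


if __name__ == "__main__":
    rules, done = apply_drop_list(SAMPLE_RULES, "emerging-worm\n1:9000003  # one SID")
    for key, action in sorted(action_by_sid(rules).items()):
        print(key, action)
```

      The same check applies to a live system: whatever tool builds the rule files, the rule that fired must begin with drop in the rules Suricata actually loaded; if it still reads alert, the drop list was not applied to that SID, regardless of how the list was written.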
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.