Possible False Positive?: SURICATA TLS invalid record
I keep getting the following rules triggered for IPs from Microsoft Corp.
Just want to know if they are false positives and are safe to disable:
- SURICATA TLS invalid record type
- SURICATA TLS invalid record/traffic
bmeeks:
Probably false positives. There have been some reports of flakiness with the TLS decoder rules in Suricata of late. There is a post on the Suricata Redmine site about some other TLS issues.