Possible False Positive?: SURICATA TLS invalid record
-
Hi,
I keep getting the following rules triggered for IPs from Microsoft Corp.
Just want to know if they are false positives and are safe to disable:
- SURICATA TLS invalid record type
- SURICATA TLS invalid record/traffic
Thanks.
-
Probably false positives. There have been some reports of flakiness with the TLS decoder rules in Suricata of late. There is a post on the Suricata Redmine site about some other TLS issues.
Bill