• All,

    It would be helpful to have a checkbox selection for "Not Dropped" in the filtering section for Suricata/Snort. Particularly of interest when the engine is "INLINE". Various rules may be "alert" (instead of drop) - being able to quickly review those to see if additional tweaks/tunings (conversion to "drop") are required.

    Thanks!


  • @justme2 said in Filter and "not dropped":

    All,

    It would be helpful to have a checkbox selection for "Not Dropped" in the filtering section for Suricata/Snort. Particularly of interest when the engine is "INLINE". Various rules may be "alert" (instead of drop) - being able to quickly review those to see if additional tweaks/tunings (conversion to "drop") are required.

    Thanks!

    Are you talking about on the RULES tab? If so I can add that to my TODO list for a future update.


  • @bmeeks

    Actually, was thinking: Services -> <IDS/IPS Engine> -> Alerts

    The ability to remove drops while doing regular spot checking and see what triggered an alert (not a "drop") - has become more interesting.

    For: Services -> <IDS/IPS Engine> -> Interfaces -> <Interface> -> Rules, a means to reduce the list via a valid action type would be most appreciated.

    Thanks!


  • @justme2 said in Filter and "not dropped":

    @bmeeks

    Actually, was thinking: Services -> <IDS/IPS Engine> -> Alerts

    The ability to remove drops while doing regular spot checking and see what triggered an alert (not a "drop") - has become more interesting.

    For: Services -> <IDS/IPS Engine> -> Interfaces -> <Interface> -> Rules, a means to reduce the list via a valid action type would be most appreciated.

    Thanks!

    Oh, I see. It's not hard to add the feature to that page either. I'll put that on the TODO list as well.