SURICATA disable.conf
-
In this topic (thanks for that), there is a reference to recommended settings for Suricata's disable.conf.
The following recommendations are made:
2010494 #disable this sid
2200074 #disable this sid
2210059 #disable this sid
2001219 #disable this sid
# disable rules containing the following:
re:invalid checksum
re:invalid timestamp
re:package management
re:SSH Scan
re:3way handshake
re:SURICATA STREAM
re:SURICATA HTTP
re:Applayer Wrong direction first Data
re:Mismatch protocol both directions
re:protocol only one direction
re:header length too small
re:invalid handshake message
I wonder if these recommendations are valid for users NOT using AbuseIPDB?
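An added example, not part of the original post and not suricata-update's own code: a small audit script that shows which rules each entry in the list above would switch off, so the effect of the list can be checked against your own ruleset. It assumes bare numbers match a sid and `re:` entries are case-insensitive regex searches over the raw rule text; the sample rules are constructed.

```python
import re
# The entries listed in the post, one per line.
DISABLE_CONF = "\n".join([
    "2010494", "2200074", "2210059", "2001219",
    "re:invalid checksum", "re:invalid timestamp", "re:package management",
    "re:SSH Scan", "re:3way handshake", "re:SURICATA STREAM", "re:SURICATA HTTP",
    "re:Applayer Wrong direction first Data", "re:Mismatch protocol both directions",
    "re:protocol only one direction", "re:header length too small",
    "re:invalid handshake message",
])

# Constructed sample rules: the msg text and the 9000xxx sids are made up.
SAMPLE_RULES = [
    'alert tcp any any -> any any (msg:"SURICATA STREAM constructed example"; sid:9000001; rev:1;)',
    'alert tcp any any -> any 22 (msg:"CONSTRUCTED Potential SSH Scan"; sid:9000002; rev:1;)',
    'alert http any any -> any any (msg:"CONSTRUCTED malware checkin"; sid:9000003; rev:1;)',
    'alert ip any any -> any any (msg:"CONSTRUCTED placeholder text"; sid:2010494; rev:1;)',
    'alert tcp any any -> any any (msg:"CONSTRUCTED apt package management"; sid:9000004; rev:1;)',
]

def parse_disable_conf(text):
    """Split disable.conf-style text into a sid set and compiled re: patterns."""
    sids, patterns = set(), []
    for line in text.splitlines():
        line = line.split(" #", 1)[0].strip()  # drop trailing comments
        if not line or line.startswith("#"):
            continue
        if line.startswith("re:"):
            # Assumption: case-insensitive search over the raw rule text.
            patterns.append(re.compile(line[3:].strip(), re.I))
        elif line.isdigit():
            sids.add(int(line))
    return sids, patterns

def audit(rules, conf_text):
    """Map the sid of every disabled rule to the entry that disabled it."""
    sids, patterns = parse_disable_conf(conf_text)
    hits = {}
    for rule in rules:
        sid = int(re.search(r"\bsid:\s*(\d+)", rule).group(1))
        if sid in sids:
            hits[sid] = "sid"
            continue
        for rx in patterns:
            if rx.search(rule):
                hits[sid] = "re:" + rx.pattern
                break
    return hits

if __name__ == "__main__":
    for sid, why in audit(SAMPLE_RULES, DISABLE_CONF).items():
        print(sid, "disabled by", why)
```

To audit a real ruleset, pass the lines of your merged rules file as `rules` and the contents of your own disable.conf as `conf_text`.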