Suricata default rules
-
Hi,
Can someone explain: if I have the Snort subscriber rules, can I untick all the Suricata default rules (do these rules duplicate each other)? Is that better for security and false alerts? Or will it reduce security, because the two rule sets do not duplicate each other and work in combination? I am using Suricata in inline mode with IPS Policy Mode set to Policy.
-
@Antibiotic I have not used the subscriber rules. I would only enable rules for the things you are protecting, for example web server rules. I do not think it would hurt to have overlapping rules, other than extra CPU time processing the packet twice.