Netgate Discussion Forum

Suricata default rules

IDS/IPS
  • A
    Antibiotic
    last edited by Antibiotic Apr 23, 2024, 2:50 PM Apr 23, 2024, 2:48 PM

    Hi,
    Can someone explain: if I have the Snort subscriber rules, can I untick all the Suricata default rules (do these rules duplicate each other)? Is that better for security and false alerts? Or will this reduce security, because the two rule sets do not duplicate each other and work in combination? I am using Suricata in inline mode with IPS Policy Mode - Policy.

    pfSense plus 24.11 on Topton mini PC
    CPU: Intel N100
    NIC: Intel i-226v 4 pcs
    RAM : 16 GB DDR5
    Disk: 128 GB NVMe
    Brgds, Archi

    • S
      SteveITS Galactic Empire @Antibiotic
      last edited by Apr 23, 2024, 4:49 PM

      @Antibiotic I have not used the subscriber rules. I would only enable rules for the things you are protecting, for example web server rules. I do not think it would hurt to have overlapping rules, other than extra CPU time processing the packet twice.

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

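One way to check whether two enabled rule sets actually overlap, as an added example that is not part of the original thread: it parses Suricata/Snort-format rule text and lists the CVE references covered by enabled rules in both sets. The sample rules, SIDs and CVE ids are constructed placeholders, and a shared CVE reference is only a heuristic for duplication, not proof that two signatures match the same traffic.

```python
import re
from collections import defaultdict

# Constructed sample rules: SIDs, messages and CVE ids are placeholders, not real signatures.
SNORT_SAMPLE = """\
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SAMPLE web A"; content:"/a"; reference:cve,0000-0001; sid:9100001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"SAMPLE smtp B"; content:"B"; reference:cve,0000-0002; sid:9100002; rev:1;)
# alert tcp any any -> any any (msg:"SAMPLE disabled C"; reference:cve,0000-0003; sid:9100003; rev:1;)
"""
ET_SAMPLE = """\
# constructed sample file; this plain comment line is skipped by the parser
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"SAMPLE ET web A"; content:"/a"; reference:cve,0000-0001; sid:9200001; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"SAMPLE ET C"; content:"C"; reference:cve,0000-0003; sid:9200002; rev:1;)
alert dns $HOME_NET any -> any any (msg:"SAMPLE ET dns D"; content:"d"; nocase; sid:9200003; rev:1;)
"""

# A leading '#' before the action marks a disabled rule; other '#' lines are comments.
RULE_RE = re.compile(r'^(?P<off>#\s*)?(?:alert|drop|reject|pass)\s+[^(]*\((?P<opts>.*)\)\s*$')
OPT_RE = re.compile(r'(\w+)\s*:\s*((?:\\.|[^;\\])*);')  # key:value; honours escaped \;

def parse_rules(text):
    """Return one dict per rule: sid, msg, enabled flag and set of CVE references."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line or ordinary comment
        opts = OPT_RE.findall(m.group('opts'))
        sid = next((int(v) for k, v in opts if k == 'sid'), None)
        msg = next((v.strip('"') for k, v in opts if k == 'msg'), '')
        cves = {v.split(',', 1)[1].strip() for k, v in opts
                if k == 'reference' and v.lower().startswith('cve,')}
        rules.append({'sid': sid, 'msg': msg, 'cves': cves, 'enabled': not m.group('off')})
    return rules

def cve_overlap(set_a, set_b):
    """Map each CVE referenced by enabled rules in both sets to the SIDs on each side."""
    def index(rules):
        idx = defaultdict(list)
        for r in (r for r in rules if r['enabled']):
            for cve in r['cves']:
                idx[cve].append(r['sid'])
        return idx
    a, b = index(set_a), index(set_b)
    return {cve: (sorted(a[cve]), sorted(b[cve])) for cve in sorted(a.keys() & b.keys())}

if __name__ == "__main__":
    for cve, (sids_a, sids_b) in cve_overlap(parse_rules(SNORT_SAMPLE), parse_rules(ET_SAMPLE)).items():
        print(f"CVE-{cve}: set A SIDs {sids_a}, set B SIDs {sids_b}")
```

Rules with no CVE reference are not compared at all, so an empty result does not mean the two sets are disjoint.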
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.