Suricata



  • I noted in the alert section of Suricata the following displayed multiple times:

    SURICATA STREAM ESTABLISHED

    What is the source of this alert? Can it be suppressed? What, if anything, should be done?



  • The stream alerts can be very annoying, especially on an installation using libpcap like the package utilizes on pfSense.  I generally disable the majority of those stream alert rules in Suricata.

    Bill

