pfsense:suricata:alerts

pfsense:suricata:alerts [2021/01/16 01:02] peterpfsense:suricata:alerts [2021/01/21 10:26] (current) peter
Line 1: Line 1:
 ====== PFSense - Suricata - Alerts ====== ====== PFSense - Suricata - Alerts ======
 +
 +See [[https://redmine.openinfosecfoundation.org/projects/suricata|Suricata Redmine site]] for further information.
 +
 +----
 +
 +[[PFSense:Suricata:Alerts:Disable an entire group of rules|Disable an entire group of rules]]
 +
 +----
 +
  
 [[PFSense:Suricata:Alerts:ET CINS Active Threat Intelligence Poor Reputation IP|ET CINS Active Threat Intelligence Poor Reputation IP]] [[PFSense:Suricata:Alerts:ET CINS Active Threat Intelligence Poor Reputation IP|ET CINS Active Threat Intelligence Poor Reputation IP]]
Line 12: Line 21:
  
 [[PFSense:Suricata:Alerts:ET SCAN Sipvicious User-Agent Detected (friendly-scanner)|ET SCAN Sipvicious User-Agent Detected (friendly-scanner)]] [[PFSense:Suricata:Alerts:ET SCAN Sipvicious User-Agent Detected (friendly-scanner)|ET SCAN Sipvicious User-Agent Detected (friendly-scanner)]]
 +
 +[[PFSense:Suricata:Alerts:ET TOR Known Tor Exit Node Traffic group 60|ET TOR Known Tor Exit Node Traffic group 60]]
  
 [[PFSense:Suricata:Alerts:ET TROJAN DNS Reply Sinkhole - Anubis - 195.22.26.192/26|ET TROJAN DNS Reply Sinkhole - Anubis - 195.22.26.192/26]] [[PFSense:Suricata:Alerts:ET TROJAN DNS Reply Sinkhole - Anubis - 195.22.26.192/26|ET TROJAN DNS Reply Sinkhole - Anubis - 195.22.26.192/26]]
  
 [[PFSense:Suricata:Alerts:SURICATA Applayer Mismatch protocol both directions|SURICATA Applayer Mismatch protocol both directions]] [[PFSense:Suricata:Alerts:SURICATA Applayer Mismatch protocol both directions|SURICATA Applayer Mismatch protocol both directions]]
 +
 +[[PFSense:Suricata:Alerts:SURICATA Applayer Wrong direction first Data|SURICATA Applayer Wrong direction first Data]]
  
 [[PFSense:Suricata:Alerts:SURICATA HTTP Host header invalid|SURICATA HTTP Host header invalid]] [[PFSense:Suricata:Alerts:SURICATA HTTP Host header invalid|SURICATA HTTP Host header invalid]]
Line 24: Line 37:
  
 [[PFSense:Suricata:Alerts:SURICATA HTTP unable to match response to request|SURICATA HTTP unable to match response to request]] [[PFSense:Suricata:Alerts:SURICATA HTTP unable to match response to request|SURICATA HTTP unable to match response to request]]
 +
 +[[PFSense:Suricata:Alerts:SURICATA ICMPv4 invalid checksum|SURICATA ICMPv4 invalid checksum]]
  
 [[PFSense:Suricata:Alerts:SURICATA IKEv2 weak cryptographic parameters (Auth)|SURICATA IKEv2 weak cryptographic parameters (Auth)]] [[PFSense:Suricata:Alerts:SURICATA IKEv2 weak cryptographic parameters (Auth)|SURICATA IKEv2 weak cryptographic parameters (Auth)]]
Line 66: Line 81:
  
 [[PFSense:Suricata:Alerts:SURICATA UDPv4 invalid checksum|SURICATA UDPv4 invalid checksum]] [[PFSense:Suricata:Alerts:SURICATA UDPv4 invalid checksum|SURICATA UDPv4 invalid checksum]]
 +
 +[[PFSense:Suricata:Alerts:SURICATA TLS invalid handshake message|SURICATA TLS invalid handshake message]]
  
 [[PFSense:Suricata:Alerts:SURICATA TLS invalid record/traffic|SURICATA TLS invalid record/traffic]] [[PFSense:Suricata:Alerts:SURICATA TLS invalid record/traffic|SURICATA TLS invalid record/traffic]]
Line 71: Line 88:
 [[PFSense:Suricata:Alerts:SURICATA TLS invalid record type|SURICATA TLS invalid record type]] [[PFSense:Suricata:Alerts:SURICATA TLS invalid record type|SURICATA TLS invalid record type]]
  
----- +[[PFSense:Suricata:Alerts:SURICATA TLS invalid TLS header|SURICATA TLS invalid TLS header]]
- +
-===== Disable an entire group of rules ===== +
- +
-Navigate to **Services -> Suricata -> Interfaces -> edit > WAN(interface) -> Rules**.+
  
-Select the specific group, for example: 
  
-<code> 
-stream-events.rules 
-</code> 
  
-Disable. 
  
 ---- ----
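Review bot: this hunk drops the inline "Disable an entire group of rules" section (the Services -> Suricata -> Interfaces -> edit > WAN(interface) -> Rules navigation, the stream-events.rules example in the code block, and the final Disable step) while the first hunk only adds a link to a subpage of the same name; confirm that the subpage carries those same steps so the procedure survives the move rather than being lost from the wiki.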
pfsense/suricata/alerts.1610758931.txt.gz · Last modified: 2021/01/16 01:02 by peter