pfsense:suricata:alerts

Differences

This shows you the differences between two versions of the page.

pfsense:suricata:alerts [2021/01/16 12:30] peter
pfsense:suricata:alerts [2021/01/21 10:26] (current) peter
Line 1: Line 1:
 ====== PFSense - Suricata - Alerts ====== ====== PFSense - Suricata - Alerts ======
  
-See [[https://redmine.openinfosecfoundation.org/projects/suricata|Suricata Redmine site for further information.+See [[https://redmine.openinfosecfoundation.org/projects/suricata|Suricata Redmine site]] for further information. 
 + 
 +---- 
 + 
 +[[PFSense:Suricata:Alerts:Disable an entire group of rules|Disable an entire group of rules]]
  
 ---- ----
Line 23: Line 27:
  
 [[PFSense:Suricata:Alerts:SURICATA Applayer Mismatch protocol both directions|SURICATA Applayer Mismatch protocol both directions]] [[PFSense:Suricata:Alerts:SURICATA Applayer Mismatch protocol both directions|SURICATA Applayer Mismatch protocol both directions]]
 +
 +[[PFSense:Suricata:Alerts:SURICATA Applayer Wrong direction first Data|SURICATA Applayer Wrong direction first Data]]
  
 [[PFSense:Suricata:Alerts:SURICATA HTTP Host header invalid|SURICATA HTTP Host header invalid]] [[PFSense:Suricata:Alerts:SURICATA HTTP Host header invalid|SURICATA HTTP Host header invalid]]
Line 31: Line 37:
  
 [[PFSense:Suricata:Alerts:SURICATA HTTP unable to match response to request|SURICATA HTTP unable to match response to request]] [[PFSense:Suricata:Alerts:SURICATA HTTP unable to match response to request|SURICATA HTTP unable to match response to request]]
 +
 +[[PFSense:Suricata:Alerts:SURICATA ICMPv4 invalid checksum|SURICATA ICMPv4 invalid checksum]]
  
 [[PFSense:Suricata:Alerts:SURICATA IKEv2 weak cryptographic parameters (Auth)|SURICATA IKEv2 weak cryptographic parameters (Auth)]] [[PFSense:Suricata:Alerts:SURICATA IKEv2 weak cryptographic parameters (Auth)|SURICATA IKEv2 weak cryptographic parameters (Auth)]]
Line 73: Line 81:
  
 [[PFSense:Suricata:Alerts:SURICATA UDPv4 invalid checksum|SURICATA UDPv4 invalid checksum]] [[PFSense:Suricata:Alerts:SURICATA UDPv4 invalid checksum|SURICATA UDPv4 invalid checksum]]
 +
 +[[PFSense:Suricata:Alerts:SURICATA TLS invalid handshake message|SURICATA TLS invalid handshake message]]
  
 [[PFSense:Suricata:Alerts:SURICATA TLS invalid record/traffic|SURICATA TLS invalid record/traffic]] [[PFSense:Suricata:Alerts:SURICATA TLS invalid record/traffic|SURICATA TLS invalid record/traffic]]
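Review bot: the new "SURICATA TLS invalid handshake message" link is placed after "SURICATA UDPv4 invalid checksum", which keeps the TLS entries out of alphabetical order while the other entries visible in this diff (Applayer, HTTP, ICMPv4, IKEv2) are sorted. Consider moving the TLS block above the UDPv4 entry so an alert name can be found by scanning the list.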
Line 78: Line 88:
 [[PFSense:Suricata:Alerts:SURICATA TLS invalid record type|SURICATA TLS invalid record type]] [[PFSense:Suricata:Alerts:SURICATA TLS invalid record type|SURICATA TLS invalid record type]]
  
----- +[[PFSense:Suricata:Alerts:SURICATA TLS invalid TLS header|SURICATA TLS invalid TLS header]]
- +
-===== Disable an entire group of rules ===== +
- +
-Navigate to **Services -> Suricata -> Interfaces -> edit > WAN(interface) -> Rules**.+
  
-Select the specific group, for example: 
  
-<code> 
-stream-events.rules 
-</code> 
  
-Disable. 
  
 ---- ----
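Review bot: the inline "Disable an entire group of rules" section is removed at the end of this hunk and replaced only by the link added at the top of the page. The target page is not part of this diff, so confirm that the navigation path and the stream-events.rules example exist at PFSense:Suricata:Alerts:Disable an entire group of rules before dropping the inline copy. If the text is carried over, normalise the separator in "edit > WAN(interface)" to "->" like the rest of the path, and state there that disabling a group turns off every rule in it, so readers know how much alert coverage they lose.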
pfsense/suricata/alerts.1610800259.txt.gz · Last modified: 2021/01/16 12:30 by peter
