pfsense:suricata:suppress
Differences
This shows you the differences between two versions of the page.
pfsense:suricata:suppress [2020/03/01 20:26] – peter | pfsense:suricata:suppress [2022/07/16 21:39] (current) – 4uMXQZ <a href="http://gdkrhydmwahu.com/">gdkrhydmwahu</a>, [url=http://ocupbhvhwaef.com/]ocupbhvhwaef[/url], [link=http://cjsxuyshervu.com/]cjsxuyshervu[/link], http://tkagiwtewlnu.com/ 5.188.211.16 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== PFSense - Suricata - Suppress ====== | + | 4uMXQZ |
- | + | ||
- | Create a suppress list to suppress certain snort and ET signatures to overcome False Positives. | + | |
- | + | ||
- | <code> | + | |
- | Services -> Suricata -> Suppress | + | |
- | </code> | + | |
- | + | ||
- | + | ||
- | ---- | + | |
- | + | ||
- | ===== Examples to Supress ===== | + | |
- | + | ||
- | < | + | |
- | Just wanted to share my Snort suppress list. After months of being frustrated with many false positives and snort ultimately blocking them, I have carefully put up this list. A few of them I got from other forum posts like the sensitive data section, so its a mix of everything. I have turned on all categories and now rarely get a false positive (though I do find some once every other week). This is in no ways a perfect list but for me Snort is now less of an annoyance. You might identify some as required and not supposed to be on this list. Please let me know and I will ensure this list gets updated and has the right false positives that can be safely ignored.< | + | |
- | + | ||
- | suppress gen_id 1, sig_id 536 | + | |
- | suppress gen_id 1, sig_id 648 | + | |
- | suppress gen_id 1, sig_id 837 | + | |
- | suppress gen_id 1, sig_id 11192 | + | |
- | suppress gen_id 1, sig_id 12286 | + | |
- | suppress gen_id 1, sig_id 15147 | + | |
- | suppress gen_id 1, sig_id 15306 | + | |
- | suppress gen_id 1, sig_id 15362 | + | |
- | suppress gen_id 1, sig_id 17458 | + | |
- | suppress gen_id 1, sig_id 20583 | + | |
- | suppress gen_id 1, sig_id 2000334 | + | |
- | suppress gen_id 1, sig_id 2010516 | + | |
- | suppress gen_id 1, sig_id 2012088 | + | |
- | suppress gen_id 1, sig_id 2013222 | + | |
- | suppress gen_id 1, sig_id 2014819 | + | |
- | suppress gen_id 1, sig_id 2014520 | + | |
- | suppress gen_id 1, sig_id 2101390 | + | |
- | suppress gen_id 1, sig_id 2103134 | + | |
- | suppress gen_id 1, sig_id 2500056 | + | |
- | suppress gen_id 119, sig_id 2 | + | |
- | suppress gen_id 119, sig_id 4 | + | |
- | suppress gen_id 119, sig_id 14 | + | |
- | suppress gen_id 119, sig_id 31 | + | |
- | suppress gen_id 119, sig_id 32 | + | |
- | suppress gen_id 120, sig_id 2 | + | |
- | suppress gen_id 120, sig_id 3 | + | |
- | suppress gen_id 120, sig_id 4 | + | |
- | suppress gen_id 120, sig_id 6 | + | |
- | suppress gen_id 120, sig_id 8 | + | |
- | suppress gen_id 120, sig_id 9 | + | |
- | suppress gen_id 122, sig_id 19 | + | |
- | suppress gen_id 122, sig_id 21 | + | |
- | suppress gen_id 122, sig_id 22 | + | |
- | suppress gen_id 122, sig_id 23 | + | |
- | suppress gen_id 122, sig_id 26 | + | |
- | </ | + | |
- | + |
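Review bot: the right-hand side replaces the whole page, from the "PFSense - Suricata - Suppress" heading through the last `suppress gen_id 122, sig_id 26` line, with the single token "4uMXQZ", and the edit summary in the revision header carries only links to unrelated domains. This is a content wipe, not an edit to the suppress list, so the page should be reverted to the 2020/03/01 20:26 revision. When restoring it, note that all 35 removed entries have the form `suppress gen_id N, sig_id M` with no `track`/`ip` qualifier, which silences each signature for every host. The page should say so, and entries are better scoped to the hosts that actually produce the false positive, for example `suppress gen_id 1, sig_id 536, track by_src, ip <host>`.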
pfsense/suricata/suppress.1583094388.txt.gz · Last modified: 2020/07/15 09:30 (external edit)