pfsense:suricata:suppress
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| pfsense:suricata:suppress [2020/03/01 20:54] – peter | pfsense:suricata:suppress [2022/07/16 21:39] (current) – 4uMXQZ <a href="http://gdkrhydmwahu.com/">gdkrhydmwahu</a>, [url=http://ocupbhvhwaef.com/]ocupbhvhwaef[/url], [link=http://cjsxuyshervu.com/]cjsxuyshervu[/link], http://tkagiwtewlnu.com/ 5.188.211.16 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== PFSense - Suricata - Suppress ====== | + | 4uMXQZ |
| - | + | ||
| - | Create a suppress list to suppress certain snort and ET signatures to overcome False Positives. | + | |
| - | + | ||
| - | < | + | |
| - | Services -> Suricata -> Suppress | + | |
| - | </code> | + | |
| - | + | ||
| - | + | ||
| - | ---- | + | |
| - | + | ||
| - | ===== Examples to Supress ===== | + | |
| - | + | ||
| - | The following list is from various sources. Recommended to check and confirm if these are to be used. | + | |
| - | + | ||
| - | < | + | |
| - | #gen_id_1 | + | |
| - | + | ||
| - | #GPL SHELLCODE x86 NOOP | + | |
| - | suppress gen_id 1, sig_id 536 | + | |
| - | + | ||
| - | suppress gen_id 1, sig_id 648 | + | |
| - | suppress gen_id 1, sig_id 837 | + | |
| - | suppress gen_id 1, sig_id 2000334 | + | |
| - | + | ||
| - | #"GPL SHELLCODE x86 NOOP" | + | |
| - | + | ||
| - | suppress gen_id 1, sig_id 648 | + | |
| - | #GPL SHELLCODE x86 0x90 un | + | |
| - | + | ||
| - | + | ||
| - | #This set of instructions can be used as a NOOP to pad buffers on an x86 architecture machines. | + | |
| - | suppress gen_id 1, sig_id 1390 | + | |
| - | suppress gen_id 1, sig_id 2452 | + | |
| - | suppress gen_id 1, sig_id 8375 | + | |
| - | + | ||
| - | # | + | |
| - | suppress gen_id 1, sig_id 11192 | + | |
| - | suppress gen_id 1, sig_id 12286 | + | |
| - | suppress gen_id 1, sig_id 15147 | + | |
| - | + | ||
| - | #This event indicates that a portable executable file has been downloaded. | + | |
| - | suppress gen_id 1, sig_id 15306 | + | |
| - | suppress gen_id 1, sig_id 15362 | + | |
| - | + | ||
| - | + | ||
| - | # | + | |
| - | suppress gen_id 1, sig_id 16313 | + | |
| - | + | ||
| - | #WEB-CLIENT Microsoft Internet Explorer userdata behavior memory corruption attempt | + | |
| - | suppress gen_id 1, sig_id 16482 | + | |
| - | suppress gen_id 1, sig_id 17458 | + | |
| - | suppress gen_id 1, sig_id 20583 | + | |
| - | suppress gen_id 1, sig_id 23098 | + | |
| - | + | ||
| - | + | ||
| - | #"ET TFTP Outbound TFTP Read Request" | + | |
| - | suppress gen_id 1, sig_id 2008120 | + | |
| - | suppress gen_id 1, sig_id 2010516 | + | |
| - | suppress gen_id 1, sig_id 2012088 | + | |
| - | + | ||
| - | + | ||
| - | #ET SHELLCODE Common 0a0a0a0a Heap Spray String | + | |
| - | suppress gen_id 1, sig_id 2012252 | + | |
| - | suppress gen_id 1, sig_id 2012758 | + | |
| - | suppress gen_id 1, sig_id 2013222 | + | |
| - | + | ||
| - | #ET INFO EXE - OSX Disk Image Download | + | |
| - | suppress gen_id 1, sig_id 2014518 | + | |
| - | suppress gen_id 1, sig_id 2014520 | + | |
| - | suppress gen_id 1, sig_id 2014819 | + | |
| - | + | ||
| - | #ET INFO PDF Using CCITTFax Filter | + | |
| - | suppress gen_id 1, sig_id 2015561 | + | |
| - | suppress gen_id 1, sig_id 2100366 | + | |
| - | suppress gen_id 1, sig_id 2100368 | + | |
| - | + | ||
| - | #GPL SHELLCODE x86 stealth NOOP | + | |
| - | suppress gen_id 1, sig_id 2100651 | + | |
| - | suppress gen_id 1, sig_id 2101390 | + | |
| - | + | ||
| - | #GPL SHELLCODE x86 0xEB0C NOOP | + | |
| - | suppress gen_id 1, sig_id 2101424 | + | |
| - | suppress gen_id 1, sig_id 2102314 | + | |
| - | suppress gen_id 1, sig_id 2103134 | + | |
| - | suppress gen_id 1, sig_id 2500056 | + | |
| - | suppress gen_id 1, sig_id 100000230 | + | |
| - | + | ||
| - | #WEB-CLIENT libpng malformed chunk denial of service attempt. | + | |
| - | suppress gen_id 3, sig_id 14772 | + | |
| - | + | ||
| - | # | + | |
| - | suppress gen_id 119, sig_id 2 | + | |
| - | suppress gen_id 119, sig_id 4 | + | |
| - | + | ||
| - | # | + | |
| - | suppress gen_id 119, sig_id 14 | + | |
| - | suppress gen_id 119, sig_id 31 | + | |
| - | suppress gen_id 119, sig_id 32 | + | |
| - | + | ||
| - | #HTTP Inspect Errors. | + | |
| - | suppress gen_id 120, sig_id 2 | + | |
| - | suppress gen_id 120, sig_id 3 | + | |
| - | suppress gen_id 120, sig_id 4 | + | |
| - | suppress gen_id 120, sig_id 6 | + | |
| - | suppress gen_id 120, sig_id 8 | + | |
| - | suppress gen_id 120, sig_id 9 | + | |
| - | suppress gen_id 120, sig_id 10 | + | |
| - | + | ||
| - | suppress gen_id 122, sig_id 19 | + | |
| - | suppress gen_id 122, sig_id 21 | + | |
| - | suppress gen_id 122, sig_id 22 | + | |
| - | suppress gen_id 122, sig_id 23 | + | |
| - | suppress gen_id 122, sig_id 26 | + | |
| - | + | ||
| - | # | + | |
| - | suppress gen_id 123, sig_id 10 | + | |
| - | suppress gen_id 137, sig_id 1 | + | |
| - | + | ||
| - | + | ||
| - | #Credit Card Numbers | + | |
| - | suppress gen_id 138, sig_id 2 | + | |
| - | + | ||
| - | #U.S. Social Security Numbers (with dashes) | + | |
| - | suppress gen_id 138, sig_id 3 | + | |
| - | + | ||
| - | #U.S. Social Security Numbers (w/out dashes) | + | |
| - | suppress gen_id 138, sig_id 4 | + | |
| - | + | ||
| - | #Email Addresses | + | |
| - | suppress gen_id 138, sig_id 5 | + | |
| - | + | ||
| - | #U.S. Phone Numbers | + | |
| - | suppress gen_id 138, sig_id 6 | + | |
| - | + | ||
| - | + | ||
| - | </code> | + | |
| - | + | ||
pfsense/suricata/suppress.1583096084.txt.gz · Last modified: 2020/07/15 09:30 (external edit)