

PFSense - Suricata - Alerts

ET CINS Active Threat Intelligence Poor Reputation IP

ET DROP Dshield Block Listed Source group 1

ET POLICY PE EXE or DLL Windows file download HTTP

ET SCAN Internal Dummy Connection User-Agent Inbound

ET SCAN Possible WordPress xmlrpc.php BruteForce in Progress - Response

ET SCAN Sipvicious User-Agent Detected (friendly-scanner)

ET TROJAN DNS Reply Sinkhole - Anubis - 195.22.26.192/26

SURICATA Applayer Mismatch protocol both directions

SURICATA HTTP Host header invalid

SURICATA HTTP Request line incomplete

SURICATA HTTP Request unrecognized authorization method

SURICATA HTTP unable to match response to request

SURICATA IKEv2 weak cryptographic parameters (Auth)

SURICATA IKEv2 weak cryptographic parameters (Diffie-Hellman)

SURICATA IKEv2 weak cryptographic parameters (Encryption)

SURICATA IKEv2 weak cryptographic parameters (PRF)

SURICATA STREAM 3way handshake SYNACK with wrong ack

SURICATA STREAM 3way handshake SYNACK resend with different ack

SURICATA STREAM 3way handshake SYN resend different seq on SYN recv

SURICATA STREAM 3way handshake wrong seq wrong ack

SURICATA STREAM bad window update

SURICATA STREAM CLOSEWAIT FIN out of window

SURICATA STREAM ESTABLISHED invalid ack

SURICATA STREAM excessive retransmissions

SURICATA STREAM FIN invalid ack

SURICATA STREAM Packet with invalid ack

SURICATA STREAM Packet with invalid timestamp

SURICATA STREAM reassembly overlap with different data

SURICATA STREAM TIMEWAIT ACK with wrong seq

SURICATA UDPv4 invalid checksum

SURICATA TLS invalid record/traffic

SURICATA TLS invalid record type


Disable an entire group of rules

Navigate to Services → Suricata → Interfaces, click the edit icon for the interface (for example WAN), then open the Rules tab.

In the Category drop-down select the rule set you want to turn off, for example:

stream-events.rules

Use the "disable all rules in the current category" control, then apply the change and restart Suricata on that interface so the new rule set is loaded.

Note that this silences every alert in that file, not just the noisy ones. The SURICATA STREAM events listed above are usually caused by asymmetric routing, packet loss or middleboxes rather than by attacks, but a few of them (for example "reassembly overlap with different data") can indicate an evasion attempt. If only one or two signatures are noisy, suppress those SIDs from the Alerts tab or the Suppress tab instead of disabling the whole category.
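Before disabling a whole category it helps to know which rule file the noisy alerts actually come from. The script below is an added example, not code from the wiki page or from the pfSense Suricata package: it reads records in Suricata's eve.json alert format, counts them per signature and attributes each "SURICATA <engine> ..." event to the rule file that ships it. The prefix-to-file mapping and the sample log lines (including the signature IDs) are constructed for illustration and are assumptions, not values taken from the page.

```python
"""Summarise Suricata EVE JSON alerts by signature and rule group.

Added example (not from the original wiki page). Reads eve.json lines,
keeps only event_type == "alert" records, counts them per signature and
reports which rule file each engine-event signature belongs to, so you
can see whether e.g. stream-events.rules is really the source of the noise
before disabling that category in the pfSense Suricata package.
"""
import json
from collections import Counter

# Assumed mapping of "SURICATA <engine>" prefixes to the rule file that
# contains those engine-event rules in a stock Suricata rules directory.
ENGINE_EVENT_FILES = {
    "SURICATA STREAM": "stream-events.rules",
    "SURICATA HTTP": "http-events.rules",
    "SURICATA TLS": "tls-events.rules",
    "SURICATA IKEv2": "ipsec-events.rules",
    "SURICATA Applayer": "app-layer-events.rules",
    "SURICATA UDPv4": "decoder-events.rules",
}


def rule_group(signature: str) -> str:
    """Return the rule file (engine events) or ET category of a signature."""
    for prefix, filename in ENGINE_EVENT_FILES.items():
        if signature.startswith(prefix):
            return filename
    if signature.startswith("ET "):
        # Emerging Threats names are "ET <CATEGORY> <description>".
        parts = signature.split(" ", 2)
        return "ET " + parts[1] if len(parts) > 1 else "ET"
    return "other"


def parse_alerts(lines):
    """Yield (sid, signature, src_ip, dest_ip) for alert records.

    Blank lines, non-JSON lines and other event types (flow, dns, ...) that
    share the same eve.json file are skipped instead of aborting the run.
    """
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") != "alert":
            continue
        alert = rec.get("alert", {})
        yield (alert.get("signature_id"), alert.get("signature", ""),
               rec.get("src_ip"), rec.get("dest_ip"))


def summarise(lines):
    """Return (Counter by (sid, signature), Counter by rule group)."""
    by_sig = Counter()
    by_group = Counter()
    for sid, sig, _src, _dst in parse_alerts(lines):
        by_sig[(sid, sig)] += 1
        by_group[rule_group(sig)] += 1
    return by_sig, by_group


# Constructed sample records in eve.json shape; IPs are documentation
# ranges and the signature IDs are placeholders, not real ET/Suricata SIDs.
SAMPLE_EVE = """\
{"timestamp":"2021-01-15T22:10:01.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"198.51.100.2","alert":{"signature_id":9000001,"signature":"SURICATA STREAM ESTABLISHED invalid ack","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2021-01-15T22:10:02.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"198.51.100.2","alert":{"signature_id":9000001,"signature":"SURICATA STREAM ESTABLISHED invalid ack","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2021-01-15T22:10:03.000000+0000","event_type":"flow","src_ip":"203.0.113.5","dest_ip":"198.51.100.2"}
{"timestamp":"2021-01-15T22:11:00.000000+0000","event_type":"alert","src_ip":"203.0.113.77","dest_ip":"198.51.100.2","alert":{"signature_id":9000002,"signature":"ET SCAN Sipvicious User-Agent Detected (friendly-scanner)","category":"Attempted Information Leak","severity":2}}
not json at all
{"timestamp":"2021-01-15T22:12:00.000000+0000","event_type":"alert","src_ip":"203.0.113.9","dest_ip":"198.51.100.2","alert":{"signature_id":9000003,"signature":"SURICATA TLS invalid record type","category":"Generic Protocol Command Decode","severity":3}}
"""

if __name__ == "__main__":
    by_sig, by_group = summarise(SAMPLE_EVE.splitlines())
    for (sid, sig), n in by_sig.most_common():
        print(f"{n:5d}  sid={sid}  {sig}  [{rule_group(sig)}]")
    print("alerts per rule group:", dict(by_group))
```

On a pfSense box the real input is the eve.json under the Suricata log directory for the interface (the exact path is not given on this page); pipe it in with `summarise(open(path))`. Signatures attributed to stream-events.rules dominate the sample, which is the case where disabling that category, or suppressing the individual SIDs, is the decision the section above describes.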


pfsense/suricata/alerts.1610749819.txt.gz · Last modified: 2021/01/15 22:30 by peter
