Hi
Since the new version 21.7 was deployed, I have noticed issues running Suricata.
I have spotted the following issues, although the alert tab is correctly filled up:
- the rule list is empty but the rules are working, which makes it impossible for me to add a rule to ignore a specific rule
i.e. https://x.x.x.x/ui/ids#rules (I have tried to select all the possible filters)
- the rules are always set to alert and not blocking (I guess the problem came with the new config)
My basic config is:
Version
OPNsense: 21.7.1
Architecture: amd64
Type: Community
Modules installed
- os-intrusion-detection-content-pt-open 1.0_1
- os-intrusion-detection-content-snort-vrt 1.1_1
- os-etpro-telemetry 1.5
Modules activated
- snort_vrt.oinkcode
- et_telemetry.token (registered)
Config applied
- IPS mode
- Promiscuous mode
- Pattern matcher: hyperscan
- Interfaces: all
It's caused by faulty data in pt-open rules.
Cheers,
Franco
Hi
Can you add screenshots of the enabled rulesets in the "Download" tab and the Rules tab?
If the "PT Research ruleset" is enabled then I agree with @franco - the matter is incorrect metadata in the PT-research rules (https://github.com/opnsense/core/commit/3f73088673973676a4f8d42c1da0134d9c6ac82f should help)