Text only | Text with Images

OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: spetrillo on April 10, 2022, 05:13:29 AM

Title: Rule Errors?
Post by: spetrillo on April 10, 2022, 05:13:29 AM
Hello all,

I have recently enabled Suricata for my WAN connection. I noticed the following in my log:

2022-04-09T23:01:25-04:00   Warning   suricata   [100309] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ETPRO.tefosteal.variant' is checked but not set. Checked in 2840863 and 0 other sigs   
2022-04-09T23:01:25-04:00   Warning   suricata   [100309] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ETPRO.maldocexe' is checked but not set. Checked in 2833022 and 0 other sigs   
2022-04-09T23:01:25-04:00   Warning   suricata   [100309] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.Suspicious.Domain.Fake.Browser' is checked but not set. Checked in 2018572 and 0 other sigs

What do these mean and is it something I need to be concerned about?

Thanks,
Steve
Text only | Text with Images