Hi all,
I am trying to suppress some SIDs but it seems my threshold.conf is not working.
I tried altering the suricata.yaml configuration file by removing the hashtag at threshold-file: /usr/local/etc/suricata/threshold.conf. I also tried with custom.yaml, giving the location of the threshold file, but I do not seem to succeed...
suppress gen_id 1, sid_id 2030387
I've also tested with other rules, with and without adding track by_src | by_dst, ip xxx.xxx.xxx.xxx, but whatever I am doing, it won't suppress the alerts.
Does anyone else have this problem?
I am on OPNsense 25.1.9_2-amd64 which is using Suricata 7.0.10.
Greetings,
Steven
Hi all,
After analyzing the logs this evening I realized I made a gigantic typo :)
this:
suppress gen_id 1, sid_id 2030387
should be:
suppress gen_id 1, sig_id 2030387
Problem solved!
Grts,
Steven
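A typo like `sid_id` is easy to miss by eye, and a misspelled keyword simply means the entry never matches, so alerts keep firing. The script below is an added example (not from the post above and not part of Suricata or OPNsense): a small linter for threshold.conf that checks each `suppress`, `threshold` and `rate_filter` line against the keywords documented for that entry type, suggests the nearest valid keyword for an unknown one, and sanity-checks values such as `track`, `type`, `new_action` and the `ip` field. The sample configuration embedded in it is constructed for the demonstration and includes the `sid_id` typo from the thread alongside valid lines; the keyword sets are the ones from the Suricata threshold.conf documentation, and the validation rules (for example that `ip` and `track` must appear together on a `suppress` line) are this example's own assumptions.

```python
import difflib
import ipaddress
import re

# Constructed sample threshold.conf contents (not from the original post).
# Line 2 carries the 'sid_id' typo from the thread; lines 3-6 are valid.
SAMPLE_THRESHOLD_CONF = """\
# suppress an ET rule entirely
suppress gen_id 1, sid_id 2030387
suppress gen_id 1, sig_id 2030387
suppress gen_id 1, sig_id 2030387, track by_src, ip 192.0.2.10
threshold gen_id 1, sig_id 2100498, type limit, track by_src, count 1, seconds 60
rate_filter gen_id 1, sig_id 2100498, track by_rule, count 100, seconds 10, new_action drop, timeout 300
"""

# Keywords the Suricata threshold.conf documentation lists per entry type.
KEYWORDS = {
    "suppress": {"gen_id", "sig_id", "track", "ip"},
    "threshold": {"gen_id", "sig_id", "type", "track", "count", "seconds"},
    "rate_filter": {"gen_id", "sig_id", "track", "count", "seconds", "new_action", "timeout"},
}
# Keywords this example treats as mandatory for each entry type (assumption).
REQUIRED = {
    "suppress": {"gen_id", "sig_id"},
    "threshold": {"gen_id", "sig_id", "type", "track", "count", "seconds"},
    "rate_filter": {"gen_id", "sig_id", "track", "count", "seconds", "new_action", "timeout"},
}
TRACK = {
    "suppress": {"by_src", "by_dst", "by_either"},
    "threshold": {"by_src", "by_dst", "by_rule", "by_both"},
    "rate_filter": {"by_src", "by_dst", "by_rule", "by_both"},
}
TYPES = {"threshold", "limit", "both"}
ACTIONS = {"alert", "drop", "pass", "reject", "sdrop"}
NUMERIC = {"gen_id", "sig_id", "count", "seconds", "timeout"}


def parse_entry(line):
    """Parse one non-comment threshold.conf line into (kind, {keyword: value}).

    Raises ValueError with a human-readable reason when the line would not be
    accepted, including a 'did you mean' hint for misspelled keywords.
    """
    kind, _, rest = line.strip().partition(" ")
    if kind not in KEYWORDS:
        raise ValueError(f"unknown entry type {kind!r}")
    fields = {}
    # Split on commas that are not inside an [a, b] address list.
    for part in re.split(r",(?![^\[]*\])", rest):
        tokens = part.split(None, 1)
        if len(tokens) != 2:
            raise ValueError(f"malformed field {part.strip()!r}")
        key, value = tokens[0], tokens[1].strip()
        if key not in KEYWORDS[kind]:
            close = difflib.get_close_matches(key, KEYWORDS[kind], n=1)
            hint = f" (did you mean {close[0]!r}?)" if close else ""
            raise ValueError(f"unknown keyword {key!r} for {kind}{hint}")
        if key in fields:
            raise ValueError(f"duplicate keyword {key!r}")
        fields[key] = value
    missing = REQUIRED[kind] - fields.keys()
    if missing:
        raise ValueError(f"missing required keyword(s): {', '.join(sorted(missing))}")
    for key in NUMERIC & fields.keys():
        if not fields[key].isdigit():
            raise ValueError(f"{key} must be a non-negative integer, got {fields[key]!r}")
    if "track" in fields and fields["track"] not in TRACK[kind]:
        raise ValueError(f"invalid track {fields['track']!r} for {kind}")
    if kind == "threshold" and fields["type"] not in TYPES:
        raise ValueError(f"invalid type {fields['type']!r}")
    if kind == "rate_filter" and fields["new_action"] not in ACTIONS:
        raise ValueError(f"invalid new_action {fields['new_action']!r}")
    if kind == "suppress" and ("ip" in fields) != ("track" in fields):
        raise ValueError("suppress with ip requires track, and track requires ip")
    if "ip" in fields:
        # Accept a single address/CIDR, optional '!' negation, or a [a, b] list.
        for addr in fields["ip"].strip("[]").split(","):
            ipaddress.ip_network(addr.strip().lstrip("!"), strict=False)
    return kind, fields


def lint(text):
    """Return (number of valid entries, [(line_no, error), ...]) for a config."""
    valid, errors = 0, []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parse_entry(line)
            valid += 1
        except ValueError as exc:
            errors.append((line_no, str(exc)))
    return valid, errors


if __name__ == "__main__":
    ok, errs = lint(SAMPLE_THRESHOLD_CONF)
    print(f"{ok} valid entries")
    for line_no, msg in errs:
        print(f"line {line_no}: {msg}")
```

Run it against the real file (`python3 lint_threshold.py < /usr/local/etc/suricata/threshold.conf` after swapping the embedded sample for `sys.stdin.read()`) before restarting Suricata; on the sample above it reports line 2 with a hint pointing at `sig_id` and counts the other four entries as valid.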