"
hello every body,
I am using suricata with default rules all this rules are uncomented in suricata.yaml and the path of the rules is correct, i had evaluated against pytbull (tool for evaluation of ids) as results i had 94% of false negative and 0% rule matched ,i had create a simple rules for icmp ,the ping is identified by suricata ,what can be the cause of the false negative generated by suricata can be the ressource (cpu,ram)? because i am using machine with 4 gb ram the same machine use elastic search.
I am using suricata with default rules all this rules are uncomented in suricata.yaml and the path of the rules is correct, i had evaluated against pytbull (tool for evaluation of ids) as results i had 94% of false negative and 0% rule matched ,i had create a simple rules for icmp ,the ping is identified by suricata ,what can be the cause of the false negative generated by suricata can be the ressource (cpu,ram)? because i am using machine with 4 gb ram the same machine use elastic search.
