Messages - Steven-B

#1
Hi all,

After analyzing the logs this evening I realized I made a gigantic typo :)

this:
suppress gen_id 1, sid_id 2030387

should be:
suppress gen_id 1, sig_id 2030387


Problem solved!

Grts,
Steven
#2
Hi all,

I am trying to suppress some SIDs but it seems my threshold.conf is not working.
I tried altering the suricata.yaml configuration file by removing the hashtag at threshold-file: /usr/local/etc/suricata/threshold.conf, and also tried with custom.yaml, giving the location of the threshold file, but I do not seem to succeed...

suppress gen_id 1, sid_id 2030387

I've also tested with other rules, with and without adding track by_src | by_dst, ip xxx.xxx.xxx.xxx, but whatever I am doing, it won't suppress the alerts.
Does anyone else have this problem?

I am on OPNsense 25.1.9_2-amd64 which is using Suricata 7.0.10.

Greetings,
Steven
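The root cause in this thread was a one-letter typo in threshold.conf (sid_id instead of sig_id) that Suricata silently did not apply. The following is an added example, not code from the thread, from Suricata or from OPNsense: a small Python lint that checks suppress entries in a threshold.conf against the forms quoted above (suppress gen_id N, sig_id N, optionally followed by track by_src|by_dst, ip X) and flags the sid_id typo, an unknown track keyword, an ip clause without track, and an unparseable ip. The sample file contents and the 192.0.2.x addresses are constructed for the example; threshold and event_filter entries, and any other keywords Suricata may accept, are not checked here.

```python
import ipaddress
import re

# Constructed sample threshold.conf, modelled on the lines quoted in the thread.
# The addresses are documentation-range placeholders, not real hosts.
SAMPLE_THRESHOLD_CONF = """\
# the typo from the thread: sid_id instead of sig_id
suppress gen_id 1, sid_id 2030387
# corrected form
suppress gen_id 1, sig_id 2030387
# suppress only for one source host (constructed placeholder address)
suppress gen_id 1, sig_id 2030387, track by_src, ip 192.0.2.10
# unknown track keyword
suppress gen_id 1, sig_id 2030387, track by_host, ip 192.0.2.10
# ip clause without a track clause
suppress gen_id 1, sig_id 2030387, ip 192.0.2.10
"""

# Grammar of the suppress forms shown in the thread (assumed complete for this lint only):
#   suppress gen_id <gid>, sig_id <sid>[, track by_src|by_dst, ip <ip|subnet>]
SUPPRESS_RE = re.compile(
    r"^suppress\s+gen_id\s+(?P<gid>\d+)\s*,\s*sig_id\s+(?P<sid>\d+)"
    r"(?:\s*,\s*track\s+(?P<track>by_src|by_dst)\s*,\s*ip\s+(?P<ip>\S+))?\s*$"
)


def check_suppress_line(line):
    """Return (ok, message) for one threshold.conf line.

    Blank lines and comments return (True, "skipped"); entries that are not
    suppress lines are passed through unchecked.
    """
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return True, "skipped"
    if not stripped.startswith("suppress"):
        return True, "not a suppress entry (threshold/event_filter not checked here)"
    # The exact mistake from the thread: Suricata's keyword is sig_id, not sid_id.
    if "sid_id" in stripped:
        return False, "keyword 'sid_id' is not valid; use 'sig_id'"
    m = SUPPRESS_RE.match(stripped)
    if not m:
        has_track = re.search(r"\btrack\s+\S+", stripped)
        if has_track and not re.search(r"\btrack\s+(by_src|by_dst)\b", stripped):
            return False, "track must be by_src or by_dst"
        if re.search(r"\bip\s+\S+", stripped) and not has_track:
            return False, "ip requires a track by_src/by_dst clause"
        return False, "does not match 'suppress gen_id N, sig_id N[, track by_src|by_dst, ip X]'"
    ip_value = m.group("ip")
    if ip_value:
        try:
            # Accept single addresses and subnets; strict=False allows host bits in a prefix.
            ipaddress.ip_network(ip_value, strict=False)
        except ValueError:
            return False, "invalid ip/subnet %r" % ip_value
    summary = "suppress gid=%s sid=%s" % (m.group("gid"), m.group("sid"))
    if m.group("track"):
        summary += " track=%s ip=%s" % (m.group("track"), ip_value)
    return True, summary


def lint_threshold_conf(text):
    """Return a list of (line_no, ok, message) for every non-comment, non-blank line."""
    results = []
    for n, line in enumerate(text.splitlines(), 1):
        ok, msg = check_suppress_line(line)
        if msg != "skipped":
            results.append((n, ok, msg))
    return results


def count_errors(text):
    """Number of lines the lint rejects."""
    return sum(1 for _, ok, _ in lint_threshold_conf(text) if not ok)


if __name__ == "__main__":
    for n, ok, msg in lint_threshold_conf(SAMPLE_THRESHOLD_CONF):
        print("line %d: %s %s" % (n, "OK " if ok else "ERR", msg))
```

Running the lint before reloading Suricata is a cheap way to catch a suppress line that will quietly fail to take effect; it would have rejected the sid_id line on the first pass.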