16.7 Legacy Series / Block Suricata Rules
« on: July 08, 2016, 03:29:29 am »
I just installed a fresh copy of 16.7.r1 in a small production environment. I'm testing out the Suricata Intrusion Detection feature. I currently have it set up to alert and not drop anything so that I can gather some information for tuning before I drop. However, when I disable a rule in the "Rules" tab by unchecking the "Enabled" box for the rule, I still keep getting alerts. Even after a reboot, the rule is still unchecked but the alert for that rule keeps happening. Any advice would be appreciated.