OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Intrusion Detection and Prevention »
  • Remove Drop Alerts
« previous next »
  • Print
Pages: [1]

Author Topic: Remove Drop Alerts  (Read 1748 times)

spetrillo

  • Hero Member
  • *****
  • Posts: 721
  • Karma: 8
    • View Profile
Remove Drop Alerts
« on: August 10, 2021, 02:34:34 am »
Hello all,

I have set a few of my Suricata rules to drop but how can I set it so they do not hit my alerts any longer. Is there a way to do this, as it would be helpful for the Alerts section to be those that I need to review and take action on.

Thanks,
Steve
Logged

spetrillo

  • Hero Member
  • *****
  • Posts: 721
  • Karma: 8
    • View Profile
Re: Remove Drop Alerts
« Reply #1 on: August 10, 2021, 04:29:02 pm »
Lets take this a step further. Here is a snippet from my Suricata alerts:

2021-08-10T10:20:59.484556-0400   2402000   allowed   FIOS   89.248.168.157   60490   173.54.120.251   40000   ET DROP Dshield Block Listed Sourc

I would read this as this was allowed through my firewall but the attached shows that this entry was actually configured to drop. So I guess my question is what does Allowed mean above?

Thanks,
Steve
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Intrusion Detection and Prevention »
  • Remove Drop Alerts
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2