ET Telemetry Rules

Started by spetrillo, April 26, 2024, 06:14:56 PM

Hello all,

Is there a set of rules that I should be setting as Drop only, rather than waiting for the alert and then dropping it? Would like to get ahead of the malicious actors if I could. My firewall and Suricata stood up to a very large brute-force attack a couple of days ago...yea!

Thanks,
Steve