Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Flowbit rules and no alert
« previous
next »
Print
Pages: [
1
]
Author
Topic: Flowbit rules and no alert (Read 3363 times)
JL
Newbie
Posts: 42
Karma: 1
Flowbit rules and no alert
«
on:
November 09, 2018, 05:53:45 pm »
Dear,
Confronted with Zberp being reported as originating from my SmartTV reaching in relation to Netflix traffic (yes, port 80) I came to look at Suricata SID 2021831 which is a flowbits:noalert rule
It took me a while and had to ask but someone pointed out this rule is not supposed to trigger since it is a flowbits rule for which no alert is configured. Hence i wondered if this (most likely) is my mistake of enabling such rule or if this is a known error in the suricata configuration with OPNSense.
Thank you
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Flowbit rules and no alert
