Flowbit rules and no alert

Started by JL, November 09, 2018, 05:53:45 PM


Confronted with Zberp being reported as originating from my SmartTV reaching in relation to Netflix traffic (yes, port 80), I came to look at Suricata SID 2021831, which is a flowbits:noalert rule.

It took me a while and I had to ask, but someone pointed out this rule is not supposed to trigger since it is a flowbits rule for which no alert is configured. Hence I wondered if this (most likely) is my mistake of enabling such a rule or if this is a known error in the Suricata configuration with OPNsense.

Thank you
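
How a `flowbits:noalert` rule relates to the rules that depend on it, as an added example that is not part of the original post: a noalert rule sets a flowbit for a later rule to test and is not meant to alert itself, and the script lists which rules test each such flowbit. The rules are constructed samples with placeholder SIDs (not the real SID 2021831), and the function names are hypothetical.

```python
import re

# Constructed sample rules (not real ET signatures; SIDs are placeholders).
SAMPLE_RULES = r'''
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE setter"; flow:established,to_server; content:"/example"; http_uri; flowbits:set,EXAMPLE.req; flowbits:noalert; sid:9000001; rev:1;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE checker"; flow:established,to_client; flowbits:isset,EXAMPLE.req; content:"marker"; sid:9000002; rev:1;)
alert tcp any any -> any any (msg:"EXAMPLE unrelated"; content:"x"; sid:9000003; rev:1;)
'''

FLOWBITS = re.compile(r'flowbits\s*:\s*([^;]+);')
SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def parse_rules(text):
    """Return one dict per enabled rule: sid, noalert flag, bits set, bits tested."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        sid = SID.search(line)
        if not line or line.startswith('#') or not sid:
            continue  # blank, commented-out (disabled) or unparseable line
        rule = {'sid': int(sid.group(1)), 'noalert': False,
                'sets': set(), 'checks': set()}
        for opt in FLOWBITS.findall(line):
            parts = [p.strip() for p in opt.split(',', 1)]
            cmd = parts[0].lower()
            # isset/isnotset may name several bits joined with '|'
            names = {n.strip() for n in parts[1].split('|')} if len(parts) > 1 else set()
            if cmd == 'noalert':
                rule['noalert'] = True
            elif cmd in ('set', 'toggle'):
                rule['sets'] |= names
            elif cmd in ('isset', 'isnotset'):
                rule['checks'] |= names
        rules.append(rule)
    return rules

def noalert_dependencies(text):
    """Map each noalert setter SID to the SIDs of rules that test its flowbits."""
    rules = parse_rules(text)
    deps = {}
    for r in rules:
        if r['noalert'] and r['sets']:
            deps[r['sid']] = sorted(o['sid'] for o in rules
                                    if o['sid'] != r['sid'] and o['checks'] & r['sets'])
    return deps

if __name__ == '__main__':
    for setter, users in noalert_dependencies(SAMPLE_RULES).items():
        print(f"sid {setter} (noalert) feeds: {users}")
```

A noalert SID that shows up in the alert log can be looked up in this mapping to see which dependent rules would be affected if it were disabled.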