Suricata IPS silently blocking Quickbooks Online invites

Started by carrot, April 21, 2022, 07:50:13 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 21, 2022, 07:50:13 PM
Hi

I have found that Suricata IPS silently inhibits / blocks the load of the captcha that loads when trying to accept a Quickbooks online invite. 

works fine when IPS off (IDS only).

I managed to narrow it down to something in the ET telemetry/emerging-coinminer ruleset.  Everything works fine if I leave that ruleset as alert only (by excluding it from my convert to drop policy). 

Issue exists on 22.1.5-amd64 and at least a couple of other versions but I didnt record those at the time before updating sorry. 

No real complaint here / not asking for a fix, successfully worked around, more just posting for reference in case someone else is facing the same frustration. 
Print
Go Up Pages1
User actions