OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Poor Reputation Groups
Topic: Poor Reputation Groups (Read 864 times)
spetrillo
Hero Member
Posts: 721
Karma: 8
Poor Reputation Groups
on: February 09, 2024, 04:56:22 pm
Hello all,
I have a lot of poor reputation group alerts in Suricata. Is there a way to drop them en masse, rather than having to hit them one at a time? Is there a downside to dropping them en masse?
Thanks,
Steve
JakaylaLee
Newbie
Posts: 6
Karma: 0
Re: Poor Reputation Groups
Reply #1 on: February 17, 2024, 01:20:31 am
Suricata provides the flexibility to handle alerts, including those related to poor reputation groups, in various ways. Dropping alerts en masse can be a quick solution, but it's essential to consider potential downsides and implications. Suricata rules can be configured to take specific actions upon triggering an alert, such as dropping packets associated with the alert. You can configure Suricata to drop packets for all alerts matching a particular rule or category. This approach involves modifying the Suricata configuration file to adjust the action taken for alerts from poor reputation groups. You would modify the "drop" action for the relevant rule or category. Dropping alerts en masse can be effective in blocking potentially malicious traffic associated with poor reputation groups, thereby reducing the risk of security incidents.
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: Poor Reputation Groups
Reply #2 on: February 19, 2024, 02:54:53 am
Let me ask the question in a different way...
I am noticing that the drops I set up are still showing up in the log. I do not care to see them. Is there a way to have them removed from the log, so I can see what is still in Alert status?
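As an added example (not part of this thread, and not OPNsense's or Suricata's own tooling), the Python below does the two things discussed here: it switches every enabled rule whose msg matches a pattern from alert to drop, as Reply #1 describes, and it filters Suricata's EVE JSON alert log down to signatures that are still only alerting (action "allowed") so the drops asked about in Reply #2 no longer clutter the view. The rule lines, sids and log events are constructed samples, not real rule-set content.

```python
import json
import re

# A Suricata rule starts with its action; a leading '#' means the rule is disabled.
RULE_RE = re.compile(r'^(?P<prefix>#?\s*)(?P<action>alert|drop|pass|reject)\s+(?P<rest>.*)$')
MSG_RE = re.compile(r'msg:"([^"]*)"')

def bulk_set_drop(rules_text, msg_pattern):
    """Return (rewritten rules, count): every enabled 'alert' rule whose msg matches
    msg_pattern becomes a 'drop' rule. Disabled rules and other actions are untouched."""
    pat = re.compile(msg_pattern)
    out, changed = [], 0
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if m and not m.group('prefix').strip() and m.group('action') == 'alert':
            msg = MSG_RE.search(m.group('rest'))
            if msg and pat.search(msg.group(1)):
                line = 'drop ' + m.group('rest')
                changed += 1
        out.append(line)
    return '\n'.join(out) + '\n', changed

def still_alert_only(eve_lines):
    """Count EVE alert events per signature, skipping those Suricata already blocked
    (alert.action == 'blocked'), i.e. show only what is still in alert status."""
    counts = {}
    for raw in eve_lines:
        if not raw.strip():
            continue
        ev = json.loads(raw)
        if ev.get('event_type') != 'alert' or ev['alert'].get('action') == 'blocked':
            continue
        sig = ev['alert']['signature']
        counts[sig] = counts.get(sig, 0) + 1
    return counts

# Constructed sample rules (local sid range, RFC 5737 test addresses); not from any real rule set.
SAMPLE_RULES = """\
alert ip [203.0.113.0/24] any -> $HOME_NET any (msg:"LOCAL Poor Reputation IP group 1"; sid:1000001; rev:1;)
# alert ip [198.51.100.0/24] any -> $HOME_NET any (msg:"LOCAL Poor Reputation IP group 2"; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"LOCAL SCAN Potential SSH Scan"; sid:1000003; rev:1;)
"""

# Constructed EVE JSON lines: one blocked alert, one allowed alert, one non-alert event.
SAMPLE_EVE = [
    '{"event_type":"alert","src_ip":"203.0.113.7","alert":{"action":"blocked","signature":"LOCAL Poor Reputation IP group 1","signature_id":1000001}}',
    '{"event_type":"alert","src_ip":"192.0.2.9","alert":{"action":"allowed","signature":"LOCAL SCAN Potential SSH Scan","signature_id":1000003}}',
    '{"event_type":"flow","src_ip":"192.0.2.9"}',
]

if __name__ == '__main__':
    rules, n = bulk_set_drop(SAMPLE_RULES, r'Poor Reputation')
    print(f'{n} rule(s) switched to drop\n{rules}')
    print('still alert-only:', still_alert_only(SAMPLE_EVE))
```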