Suricata - Ignore Geo Block Alerts

loelz · September 02, 2017, 12:21:28 AM

I followed this great guide to block certain countries through the Intrusion Detection in OPNsense.
https://docs.opnsense.org/manual/how-tos/ips-geoip.html

Obviously I now get A LOT of alerts because of this, and I wonder how I can filter out alerts spawned from the above mentioned guide in the alerts tab?

Would be nice when you create a user defined rule, you could set it to never log actions done by the rule.

Suricata - Ignore Geo Block Alerts

loelz

September 02, 2017, 12:21:28 AM