Feature request: use of suricata 'ignoring traffic' features

Started by elektroinside, January 18, 2018, 06:40:55 PM

January 18, 2018, 06:40:55 PM Last Edit: January 18, 2018, 06:42:44 PM by elektroinside
This would be the starting point:
https://suricata.readthedocs.io/en/latest/performance/ignoring-traffic.html

It would be very nice if these could be implemented in the GUI, at least capture filters, as they look easy to implement :)

Many thanks!
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member


Oh, nice, somebody else is interested in this as well  :P

Thank you both :)


It is good that we are involved in the question that came up.

I'm interested in this as well. In pfSense you can make suppress lists to exclude special hosts from a rule. Now I can only deactivate the whole rule for my whole network if it's blocking traffic to just one host.

I think that's an important enterprise feature because I have some hosts in my company network that use some kind of java application, but suricata blocked that, so I deactivated the whole rule, exposing all other clients to that particular "attack".

I've seen the feature was proposed for 18.7 but now it changed to no version... I'm really waiting for this. It makes no sense for me to buy the ET-Pro ruleset if I have to deactivate one whole rule just because one client triggered it as a false positive. :-\
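The Suricata page linked in the first post describes three ways to ignore traffic: capture filters (BPF), pass rules, and suppress entries in threshold.config. The suppress mechanism is the one this post is asking for. As an added example that is not part of the thread and not Suricata's or OPNsense's own code, the Python below parses threshold.config-style suppress lines and applies them to a handful of alert records, showing that a per-host suppress keeps the rule active for every other client, whereas a suppress without a track/ip clause silences the rule for everyone (the same effect as disabling it). The SIDs, addresses and alert records are constructed for illustration.

```python
import ipaddress
import re

# Constructed threshold.config entries (illustrative SIDs and addresses, not from the thread).
# Syntax follows Suricata's documented form:
#   suppress gen_id <gid>, sig_id <sid>[, track <by_src|by_dst|by_either>, ip <ip|cidr|[list]>]
THRESHOLD_CONFIG = """
# Silence one rule for the single host that runs the Java application
suppress gen_id 1, sig_id 2100001, track by_src, ip 10.0.0.25
# Silence another rule only when the destination is in a subnet or a listed host
suppress gen_id 1, sig_id 2100002, track by_dst, ip [192.168.10.0/24, 172.16.5.9]
# No track/ip clause: the rule is silenced for everyone (equivalent to disabling it)
suppress gen_id 1, sig_id 2100003
"""

SUPPRESS_RE = re.compile(
    r"^suppress\s+gen_id\s+(\d+)\s*,\s*sig_id\s+(\d+)"
    r"(?:\s*,\s*track\s+(by_src|by_dst|by_either)\s*,\s*ip\s+(.+?))?\s*$"
)


def parse_suppress(text):
    """Parse suppress lines into dicts; comments and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = SUPPRESS_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised threshold line: {line!r}")
        gid, sid, track, ips = m.groups()
        nets = None
        if track is not None:
            # A bare IP becomes a /32 (or /128); a bracketed list is split on commas.
            nets = [ipaddress.ip_network(p.strip(), strict=False)
                    for p in ips.strip("[]").split(",")]
        entries.append({"gid": int(gid), "sid": int(sid), "track": track, "nets": nets})
    return entries


def _suppressed_by(entry, alert):
    """True when this entry silences this alert."""
    if alert["gid"] != entry["gid"] or alert["sid"] != entry["sid"]:
        return False
    if entry["track"] is None:          # whole-rule suppress
        return True
    sides = {
        "by_src": [alert["src_ip"]],
        "by_dst": [alert["dest_ip"]],
        "by_either": [alert["src_ip"], alert["dest_ip"]],
    }[entry["track"]]
    return any(ipaddress.ip_address(a) in net for a in sides for net in entry["nets"])


def apply_suppress(alerts, entries):
    """Split alerts into (kept, dropped) according to the suppress entries."""
    kept, dropped = [], []
    for alert in alerts:
        (dropped if any(_suppressed_by(e, alert) for e in entries) else kept).append(alert)
    return kept, dropped


# Constructed alert records in the shape of EVE alert fields (gid, sid, src_ip, dest_ip).
ALERTS = [
    {"gid": 1, "sid": 2100001, "src_ip": "10.0.0.25", "dest_ip": "203.0.113.7"},   # Java host: dropped
    {"gid": 1, "sid": 2100001, "src_ip": "10.0.0.30", "dest_ip": "203.0.113.7"},   # other client: kept
    {"gid": 1, "sid": 2100001, "src_ip": "203.0.113.7", "dest_ip": "10.0.0.25"},   # host is dst, track by_src: kept
    {"gid": 1, "sid": 2100002, "src_ip": "10.0.0.30", "dest_ip": "192.168.10.44"}, # dst in /24: dropped
    {"gid": 1, "sid": 2100002, "src_ip": "10.0.0.30", "dest_ip": "172.16.5.9"},    # dst in list: dropped
    {"gid": 1, "sid": 2100002, "src_ip": "10.0.0.30", "dest_ip": "198.51.100.1"},  # dst elsewhere: kept
    {"gid": 1, "sid": 2100003, "src_ip": "10.0.0.25", "dest_ip": "203.0.113.7"},   # whole-rule suppress: dropped
    {"gid": 1, "sid": 2100003, "src_ip": "10.0.0.30", "dest_ip": "203.0.113.7"},   # whole-rule suppress: dropped
    {"gid": 1, "sid": 2100004, "src_ip": "10.0.0.25", "dest_ip": "203.0.113.7"},   # no entry for this sid: kept
]

if __name__ == "__main__":
    kept, dropped = apply_suppress(ALERTS, parse_suppress(THRESHOLD_CONFIG))
    for a in kept:
        print("ALERT   sid=%d %s -> %s" % (a["sid"], a["src_ip"], a["dest_ip"]))
    for a in dropped:
        print("SUPPRESS sid=%d %s -> %s" % (a["sid"], a["src_ip"], a["dest_ip"]))
```

The check worth taking away: with `track by_src, ip 10.0.0.25` the second and third sid 2100001 alerts survive, so the other clients on the network are still covered by that rule; only the whole-rule form (or disabling the rule) removes that coverage.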

Sorry, my bad, we added a shared 18.7 GitHub project, but it's not visible to non-members. I've put the milestone back now.

https://imgur.com/a/1VBgp


Cheers,
Franco