V7 disabling rules


Tim Guy

Jan 30, 2024, 10:53:50 AM
to SELKS
I've built a new fresh V7 and as always I have issues with the "ET Scan Potential SSH Scan" because of devices out on the net that contact servers behind SELKS.

Normally I add suppressions to the rule but this time the alerts still continue to come, so I disabled the rule and I can see a strike through it on some pages but again the ET Scan keeps coming.

Am I missing something obvious?

Tim

Peter Manev

Jan 30, 2024, 11:02:39 AM
to Tim Guy, SELKS
Hi,

I think you need to push/update the changes - aka from the Suricata
tab in Scirius, do an update/push.

Thanks
Just an info note: you could join our online discord and chat live
with other members too.

--
Regards,
Peter Manev

Tim Guy

Feb 1, 2024, 10:35:38 AM
to Peter Manev, SELKS
Thanks for replying.

I didn’t have to previously and that also hasn’t cured it.

I’ll investigate removing from cli or maybe I’ll try and reinstall again in case something happened to the build. Very strange.


Peter Manev

Feb 3, 2024, 11:48:04 AM
to Tim Guy, SELKS
Hi,

Just curious - did you do the update push while selecting all options
- please see the screenshot attached as a reference.
One more thing to check is - if you restart the container/suricata -
would it behave as expected?

Thank you
--
Regards,
Peter Manev
Screenshot from 2024-02-02 14-10-59.png