False-positive hits

[Serhii Kovalenko]

Hello everyone,

Hope you're doing well.

I have three rules in Suricata that give an increased number of hits, I found out that all of these hits are fall-positive (without negatively affecting my system). I would like to know how I can mark (or transform) a rule as such that it produces fall-positive triggers, so that there is kind of a label that these rules and their hits can be ignored. 

Thanks in advance for your help.

Best regards,

[Peter Manev]

Hi,

You can use suppression or thresholding from Scirius Management or
from the Hunting page, Please see the attached screenshot:


Thank you

> --
> IRC: Let's talk about SELKS on Freenode IRC on the #SELKS channel
> Wiki: https://github.com/StamusNetworks/SELKS/wiki
> GitHub: https://github.com/StamusNetworks/SELKS
> Blog: https://www.stamus-networks.com/theblog/
> Twitter: @StamusN
> g+: Stamus Networks
> ---
> You received this message because you are subscribed to the Google Groups "SELKS" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to selks+un...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/selks/f64609d3-844e-4ce8-a5ab-b0dd8c6a6187n%40googlegroups.com.



--
Regards,
Peter Manev