Selks 10 Suppression gives 400 Bad Request
11 views
Skip to first unread message
Tim Guy
Jun 27, 2024, 8:18:15 AM6/27/24
to SELKS
Installing Selks 10 I have the system up and running. I have an internal server that is hit by authorised traffic but ET SCAN Potential SSH Scan picks it up. no problem I add the authorised src ips to suppression accept I cant in selks 10. If I try and add from the hunting Dashboard I get a 400 Bad Request. Within https://x.x.x.x/rules/rule I can no longer click on the comments to see the suppression. I can goto history there are entry's but no information other than ip 172.18.0.2 If I goto https://x.x.x.x/rules/ruleset/1/ I can see suppressions but if I click on the id number i get "Server Error (500)"
Steps To Reproduce
- Goto hunting dashboard
- Filter by Source IP
- Policy Actions / Supress
- Default Rule Set / Comments
- Submit
- 400 Bad Reques
Reinstalled today to make sure it wasnt something weird. Still problems. Everything appears to work I just can confidently say that suppression is working. Certainly all the errors from my first post stand.
Any ideas?
Peter Manev
Jun 27, 2024, 4:19:53 PM6/27/24
to Tim Guy, SELKS
Hi Tim,
Thank you for the report - can you please open an issue on our github
with the same info ?
> --
> Discord: Let's talk about SELKS on
> https://discord.com/channels/911231224448712714/911238451842666546
> Wiki: https://github.com/StamusNetworks/SELKS/wiki
> GitHub: https://github.com/StamusNetworks/SELKS
> Blog: https://www.stamus-networks.com/blog
> Twitter: @StamusN
> ---
> You received this message because you are subscribed to the Google Groups "SELKS" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to selks+un...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/selks/CAD61_NUB-%3DmFijroWee%2BfWWE8o_T%2BkqZjd4QCjRCkr-gHivXeA%40mail.gmail.com.
--
Regards,
Peter Manev
Thank you for the report - can you please open an issue on our github
with the same info ?
> Discord: Let's talk about SELKS on
> https://discord.com/channels/911231224448712714/911238451842666546
> Wiki: https://github.com/StamusNetworks/SELKS/wiki
> GitHub: https://github.com/StamusNetworks/SELKS
> Blog: https://www.stamus-networks.com/blog
> Twitter: @StamusN
> ---
> You received this message because you are subscribed to the Google Groups "SELKS" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to selks+un...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/selks/CAD61_NUB-%3DmFijroWee%2BfWWE8o_T%2BkqZjd4QCjRCkr-gHivXeA%40mail.gmail.com.
--
Regards,
Peter Manev
Peter Manev
Jun 27, 2024, 4:21:17 PM6/27/24
to Tim Guy, SELKS
Or rather - is this the same issue here
https://github.com/StamusNetworks/SELKS/issues/473 ?
Thanks!
--
Regards,
Peter Manev
https://github.com/StamusNetworks/SELKS/issues/473 ?
Thanks!
Regards,
Peter Manev
Tim Guy
Jun 27, 2024, 4:24:13 PM6/27/24
to Peter Manev, SELKS
Hi Peter
Yea did that yesterday. This post was a copy and paste of the original github post.
Regards.
Tim
Sent from my iPhone
> On 27 Jun 2024, at 21:21, Peter Manev <peter...@gmail.com> wrote:
>
> Or rather - is this the same issue here
Yea did that yesterday. This post was a copy and paste of the original github post.
Regards.
Tim
Sent from my iPhone
> On 27 Jun 2024, at 21:21, Peter Manev <peter...@gmail.com> wrote:
>
> Or rather - is this the same issue here
Tim Guy
Jun 27, 2024, 4:25:22 PM6/27/24
to Peter Manev, SELKS
That’s it. I managed to close the report but reopened it. Sorry about that.
> Or rather - is this the same issue here
> Or rather - is this the same issue here
Peter Manev
Jun 28, 2024, 3:19:50 AM6/28/24
to Tim Guy, SELKS
No issue at all
Thanks for reporting it.
> --
> Regards,
> Peter Manev
> On 27 Jun 2024, at 23:25, Tim Guy <timg...@gmail.com> wrote:
>
> That’s it. I managed to close the report but reopened it. Sorry about that.
Thanks for reporting it.
> --
> Regards,
> Peter Manev
> On 27 Jun 2024, at 23:25, Tim Guy <timg...@gmail.com> wrote:
>
> That’s it. I managed to close the report but reopened it. Sorry about that.
Reply all
Reply to author
Forward
0 new messages