Hi guys, I received a bunch of alerts labelled as “Suricata Stream CLOSEWAIT FIN out of window”. Would you guys please share when I can mute the output of this kind of log? Thanks a lot!
The simplest solution would be to just not use this rule which is mostly to check for problematic traffic. If it’s from specific flows you could also use the suppress feature.
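
The suppress option mentioned in the reply above, as an added example that is not part of the original thread: a short script that reads EVE JSON alerts and emits `suppress` lines in Suricata's threshold.config syntax, only for source addresses that repeatedly trigger this one signature. The sample records, IP addresses, the `min_alerts` cutoff and the function name are constructed for illustration; the sid is read from the alert records themselves.

```python
import json
from collections import Counter

SIG = "SURICATA STREAM CLOSEWAIT FIN out of window"

# Constructed EVE JSON sample (not from the thread); the last line is truncated.
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","alert":{"gid":1,"signature_id":2210016,"signature":"SURICATA STREAM CLOSEWAIT FIN out of window"}}
{"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","alert":{"gid":1,"signature_id":2210016,"signature":"SURICATA STREAM CLOSEWAIT FIN out of window"}}
{"event_type":"flow","src_ip":"10.0.0.5","dest_ip":"192.0.2.10"}
{"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.11","alert":{"gid":1,"signature_id":2210020,"signature":"SURICATA STREAM ESTABLISHED packet out of window"}}
{"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","alert":{"gid":1,"signature_id":2210016,"signature":"SURICATA STREAM CLOSEWAIT FIN out of window"}}
{"event_type":"alert","src_ip":"10.0.0.9","dest_ip":"192.0.2.10","alert":{"gid":1,"signature_id":2210016,"signature":"SURICATA STREAM CLOSEWAIT FIN out of window"}}
{"event_type":"alert","src_ip":"10.0.0.
"""


def suppress_lines(eve_text, signature, min_alerts=2):
    """Return threshold.config suppress lines for each source that raised
    `signature` at least `min_alerts` times; other alerts stay untouched."""
    counts = Counter()
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # partially written or corrupt log line
        if event.get("event_type") != "alert":
            continue
        alert = event.get("alert", {})
        if alert.get("signature") != signature:
            continue
        key = (alert.get("gid", 1), alert["signature_id"], event["src_ip"])
        counts[key] += 1
    # One suppress entry per noisy source, keyed on the gid/sid seen in the log.
    return [
        f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {ip}"
        for (gid, sid, ip), n in sorted(counts.items())
        if n >= min_alerts
    ]


if __name__ == "__main__":
    for entry in suppress_lines(SAMPLE_EVE, SIG):
        print(entry)
```

The printed lines belong in threshold.config. A suppressed rule is still evaluated, so only the alert output for the listed sources is muted and the same signature keeps alerting for every other host.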