I’m using Suricata on an OPNSense machine at home and after reviewing the alerts realized that Synology NAS is hardcoded to make calls to QuickConnect.to domain for user convenience.
On my intrusion detection rules the .to TLD is blocked and hence the alert was generated. It was quiet insightful to even know that what my NAS is doing!
But these alerts are still clogging the UI in OPNSense, is there a way to enforce a policy that will either not log these alerts or just drop them from the UI?