Hello
I installed Suricata and I have a false positive!
I put these settings in suricata.yml:
rule-suppression
enabled: yes
filename: /var/lib/suricata/rules/suppression.rules
And I added this to the rules: suppress gen_id 1, sig_id 2802104, track by_src, ip 192.168.1.20
But when I run suricata -T it gives me an error.
Please help me!!!
Suppressions should be put in threshold.config, not in regular rule files.
In general I’m confused about the things you posted, as this doesn’t look like a Suricata configuration.
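What the reply describes, as an added example that is not part of the original thread: the suppress line goes in threshold.config, which suricata.yaml references through its threshold-file setting. The path /etc/suricata/threshold.config is an assumption; the suppress line is the one quoted in the question.

```yaml
# suricata.yaml (fragment)
# Assumed path; point this at wherever your threshold.config actually lives.
threshold-file: /etc/suricata/threshold.config

# Contents of /etc/suricata/threshold.config, a separate plain-text file
# (not YAML), shown here as comments:
#
#   suppress gen_id 1, sig_id 2802104, track by_src, ip 192.168.1.20
#
# The .rules files loaded under rule-files keep only signatures
# (alert/drop/pass ...); a suppress line placed there is not a valid rule.
```

After editing both files, rerun `suricata -T` to check that the configuration loads.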