Suricata suppress rule error

darab · July 24, 2023, 6:00am

Hello
I installed suricata and false positive! I have
I put these settings in suricata.yml:
rule-suppression
enabled: yes
filename: /var/lib/suricata/rules/suppression.rules
And I added this to the rules: suppress gen_id 1, sig_id 2802104, track by_src, ip 192.168.1.20
But when I get suricata -T it gives me an error

darab · July 24, 2023, 6:01am

please help for me!!!

vjulien · July 25, 2023, 7:59am

suppressions should be put in threshold.config, not in regular rule files.

In general I’m confused about the things you posted, as this doesn’t look like a Suricata configuration.

Topic		Replies	Views
Unable to supress SURICATA STREAM alerts Rules rules , suricata	3	333	October 25, 2023
Rule tuning and management - Exclusions and false positives Help	2	1167	February 4, 2022
Suricata-update adds commented/disabled rules to the suricata.rules Rules	8	2834	January 5, 2021
All of a sudden new entries in disable.conf being ignored Help	8	1443	October 28, 2022
Suricata - disable.conf seems not working Rules	2	801	July 8, 2021

Suricata suppress rule error

Related Topics