Replies: 2 comments
-
Is the configuration making it to the sensor(s)?
-
It seems that the exclusion activation takes a lot of time. The exclusion started working around the next day.
-
Version
2.4.170
Installation Method
Security Onion ISO image
Description
other (please provide detail below)
Installation Type
Distributed
Location
on-prem with Internet access
Hardware Specs
Exceeds minimum requirements
CPU
16
RAM
32
Storage for /
200
Storage for /nsm
500
Network Traffic Collection
span port
Network Traffic Speeds
1Gbps to 10Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
No, there are no failures
Logs
No, there are no additional clues
Detail
I configured NIDS rule suppression for a single source IP, but it's not working. I am still receiving continuous alerts from this source IP.
I think that I configured the suppression rule correctly. How can I suppress the source IP? I don't want to disable the rule. Just want to suppress from a single source IP.
https://docs.securityonion.net/en/2.4/nids.html#managing-existing-nids-rules
Guidelines