Problem with Suricata after upgrade from 2.3.140 to 2.3.160 #8765
Replies: 1 comment 1 reply
-
I suspect that you're using a Snort ruleset and its Shared Object rules are firing since they are not fully compatible with Suricata. If that's the case, you'll want to disable the Shared Object rules as shown here:
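Added example, not part of the discussion above and not code from the Suricata project or from the package maintainer: one way to carry out the advice in the reply, i.e. comment out the Shared Object rules in a Snort rules file so Suricata no longer loads them. It relies on the fact that Snort shared-object rules (the stubs shipped under `so_rules/`) carry generator ID 3, so any active rule line with `gid:3;` is treated as an SO rule. The rule text used as input is constructed for illustration; the SIDs and messages are made up.

```python
import re
from pathlib import Path

# Constructed sample in Snort .rules syntax. The second rule is an SO-rule
# stub (gid:3); the others are plain text rules and must stay untouched.
SAMPLE_RULES = """\
# text rule, stays enabled
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE text rule"; flow:established,to_server; content:"GET"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"EXAMPLE SO stub"; flow:to_server,established; gid:3; sid:1000002; rev:1;)
# alert udp any any -> any 53 (msg:"EXAMPLE already disabled"; sid:1000003; rev:1;)
alert tcp any any -> any 80 (msg:"EXAMPLE explicit gid one"; gid:1; sid:1000004; rev:1;)
"""

# Snort rule options are "name:value;" pairs; \b keeps "sid:" from matching "gid:".
GID_RE = re.compile(r"\bgid\s*:\s*(\d+)\s*;")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def is_so_rule(line):
    """True for an active (not commented) rule whose gid option is 3,
    the generator ID Snort uses for shared-object rules."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return False
    m = GID_RE.search(stripped)
    return m is not None and int(m.group(1)) == 3


def disable_so_rules(text):
    """Comment out every SO rule in a rules file body.

    Uses the same "# " prefix convention Snort and suricata-update use for
    disabled rules, so the change is reversible and the file stays loadable.
    Returns (rewritten_text, list_of_disabled_sids)."""
    out, disabled = [], []
    for line in text.splitlines():
        if is_so_rule(line):
            m = SID_RE.search(line)
            disabled.append(int(m.group(1)) if m else None)
            out.append("# " + line)
        else:
            out.append(line)
    return "\n".join(out) + "\n", disabled


def disable_so_rules_in_file(path):
    """Rewrite a rules file in place and return the SIDs that were disabled.
    Assumes the file is small enough to hold in memory (rules files are)."""
    p = Path(path)
    rewritten, disabled = disable_so_rules(p.read_text())
    p.write_text(rewritten)
    return disabled


if __name__ == "__main__":
    rewritten, disabled = disable_so_rules(SAMPLE_RULES)
    print("disabled SO rule SIDs:", disabled)
    print(rewritten)
```

Run it against each `*.rules` file Suricata loads (the ones listed under `rule-files` in `suricata.yaml`), then restart or reload Suricata so the commented-out rules drop out of the loaded set. Rules are matched on `gid:3` rather than on filename because a merged ruleset may have the SO stubs mixed in with text rules.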
-
After updating Suricata, it started generating a lot of alerts. It detects various problems even in local traffic, e.g.
MALWARE-CNC FF-RAT outbound connection attempt
PUA-P2P WinNY connection attempt
NETBIOS SMB write_andx overflow attempt
OS-WINDOWS PGM on the overflow attempt list
SERVER-OTHER Cisco ASA SCPS command injection attempt
....
and 100 others
I checked with other tools the traffic is not infected.
Suricata detects several thousand alerts per minute. As I checked, it looks like the traffic is infected. The alerts appeared exactly after the OS update was completed.
What could be the cause?
How can I run a previous version of Suricata?
How do I disable Suricata until the problem is resolved?