Show me your BPF #9575

oneCrazyAdmin · 2023-01-13T20:29:26Z

oneCrazyAdmin
Jan 13, 2023

We have a lot of traffic that we are taping. I have seen some suggestions on what to filter out from zeek, suricata, and stenographer.

what I have filtered out is

DNS requests from my internal DNS servers to the google servers in zeek and Suricata
SNMP packets from my monitoring servers to my network devices in zeek and Suricata and Stenographer
SSL packet from stenographer

Are there other network flows that don't make sense to go through and or all of these applications?

InfosecGoon · 2023-01-18T15:28:24Z

InfosecGoon
Jan 18, 2023

Many people filter out traffic from their internal vulnerability scanners, especially from Suricata. Lots of alerts, all false positives.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Show me your BPF #9575

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Show me your BPF #9575

Uh oh!

oneCrazyAdmin Jan 13, 2023

Replies: 1 comment

Uh oh!

InfosecGoon Jan 18, 2023

oneCrazyAdmin
Jan 13, 2023

InfosecGoon
Jan 18, 2023