Suricata rules restored to default state #14173
Unanswered
AlexRtveliashvili
asked this question in
2.4
Replies: 1 comment 1 reply
The rule tuning that was removed was done through the Detections interface, correct? Did you change anything Suricata-related in the Configuration interface for SOC?
Version: 2.4.110
Installation Method: Security Onion ISO image
Description: other (please provide detail below)
Installation Type: Distributed
Location: on-prem with Internet access
Hardware Specs: Exceeds minimum requirements
CPU: 8
RAM: 32
Storage for /: 500
Storage for /nsm: 300
Network Traffic Collection: span port
Network Traffic Speeds: Less than 1Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: No, there are no additional clues
Detail
Hello SO team,
After a full update of Suricata rules, all the modifications that we had made to the Suricata ruleset (Modifications in detection source, Tuning, Enabled and Disabled rules) were reverted back to the default state. Suricata rules created by the engineers, however, were unaffected.
Tuning of existing Suricata rules was removed.
Thanks for any feedback in advance, reply in thread if you need any more details.