====== PFSense - Suricata - Alerts ======

See [[https://redmine.openinfosecfoundation.org/projects/suricata|Suricata Redmine site]] for further information.

----

[[PFSense:Suricata:Alerts:Disable an entire group of rules|Disable an entire group of rules]]

----

[[PFSense:Suricata:Alerts:ET CINS Active Threat Intelligence Poor Reputation IP|ET CINS Active Threat Intelligence Poor Reputation IP]]

[[PFSense:Suricata:Alerts:ET DROP Dshield Block Listed Source group 1|ET DROP Dshield Block Listed Source group 1]]

[[PFSense:Suricata:Alerts:ET POLICY PE EXE or DLL Windows file download HTTP|ET POLICY PE EXE or DLL Windows file download HTTP]]

[[PFSense:Suricata:Alerts:ET SCAN Internal Dummy Connection User-Agent Inbound|ET SCAN Internal Dummy Connection User-Agent Inbound]]

[[PFSense:Suricata:Alerts:ET SCAN Possible WordPress xmlrpc.php BruteForce in Progress - Response|ET SCAN Possible WordPress xmlrpc.php BruteForce in Progress - Response]]

[[PFSense:Suricata:Alerts:ET SCAN Sipvicious User-Agent Detected (friendly-scanner)|ET SCAN Sipvicious User-Agent Detected (friendly-scanner)]]

[[PFSense:Suricata:Alerts:ET TOR Known Tor Exit Node Traffic group 60|ET TOR Known Tor Exit Node Traffic group 60]]

[[PFSense:Suricata:Alerts:ET TROJAN DNS Reply Sinkhole - Anubis - 195.22.26.192/26|ET TROJAN DNS Reply Sinkhole - Anubis - 195.22.26.192/26]]

[[PFSense:Suricata:Alerts:SURICATA Applayer Mismatch protocol both directions|SURICATA Applayer Mismatch protocol both directions]]

[[PFSense:Suricata:Alerts:SURICATA Applayer Wrong direction first Data|SURICATA Applayer Wrong direction first Data]]

[[PFSense:Suricata:Alerts:SURICATA HTTP Host header invalid|SURICATA HTTP Host header invalid]]

[[PFSense:Suricata:Alerts:SURICATA HTTP Request line incomplete|SURICATA HTTP Request line incomplete]]

[[PFSense:Suricata:Alerts:SURICATA HTTP Request unrecognized authorization method|SURICATA HTTP Request unrecognized authorization method]]

[[PFSense:Suricata:Alerts:SURICATA HTTP unable to match response to request|SURICATA HTTP unable to match response to request]]

[[PFSense:Suricata:Alerts:SURICATA ICMPv4 invalid checksum|SURICATA ICMPv4 invalid checksum]]

[[PFSense:Suricata:Alerts:SURICATA IKEv2 weak cryptographic parameters (Auth)|SURICATA IKEv2 weak cryptographic parameters (Auth)]]

[[PFSense:Suricata:Alerts:SURICATA IKEv2 weak cryptographic parameters (Diffie-Hellman)|SURICATA IKEv2 weak cryptographic parameters (Diffie-Hellman)]]

[[PFSense:Suricata:Alerts:SURICATA IKEv2 weak cryptographic parameters (Encryption)|SURICATA IKEv2 weak cryptographic parameters (Encryption)]]

[[PFSense:Suricata:Alerts:SURICATA IKEv2 weak cryptographic parameters (PRF)|SURICATA IKEv2 weak cryptographic parameters (PRF)]]

[[PFSense:Suricata:Alerts:SURICATA STREAM 3way handshake SYNACK with wrong ack|SURICATA STREAM 3way handshake SYNACK with wrong ack]]

[[PFSense:Suricata:Alerts:SURICATA STREAM 3way handshake SYNACK resend with different ack|SURICATA STREAM 3way handshake SYNACK resend with different ack]]

[[PFSense:Suricata:Alerts:SURICATA STREAM 3way handshake SYN resend different seq on SYN recv|SURICATA STREAM 3way handshake SYN resend different seq on SYN recv]]

[[PFSense:Suricata:Alerts:SURICATA STREAM 3way handshake wrong seq wrong ack|SURICATA STREAM 3way handshake wrong seq wrong ack]]

[[PFSense:Suricata:Alerts:SURICATA STREAM bad window update|SURICATA STREAM bad window update]]

[[PFSense:Suricata:Alerts:SURICATA STREAM CLOSEWAIT FIN out of window|SURICATA STREAM CLOSEWAIT FIN out of window]]

[[PFSense:Suricata:Alerts:SURICATA STREAM ESTABLISHED invalid ack|SURICATA STREAM ESTABLISHED invalid ack]]

[[PFSense:Suricata:Alerts:SURICATA STREAM ESTABLISHED packet out of window|SURICATA STREAM ESTABLISHED packet out of window]]

[[PFSense:Suricata:Alerts:SURICATA STREAM excessive retransmissions|SURICATA STREAM excessive retransmissions]]

[[PFSense:Suricata:Alerts:SURICATA STREAM FIN invalid ack|SURICATA STREAM FIN invalid ack]]

[[PFSense:Suricata:Alerts:SURICATA STREAM FIN out of window|SURICATA STREAM FIN out of window]]

[[PFSense:Suricata:Alerts:SURICATA STREAM Packet with invalid ack|SURICATA STREAM Packet with invalid ack]]

[[PFSense:Suricata:Alerts:SURICATA STREAM Packet with invalid timestamp|SURICATA STREAM Packet with invalid timestamp]]

[[PFSense:Suricata:Alerts:SURICATA STREAM reassembly overlap with different data|SURICATA STREAM reassembly overlap with different data]]

[[PFSense:Suricata:Alerts:SURICATA STREAM SHUTDOWN RST invalid ack|SURICATA STREAM SHUTDOWN RST invalid ack]]

[[PFSense:Suricata:Alerts:SURICATA STREAM TIMEWAIT ACK with wrong seq|SURICATA STREAM TIMEWAIT ACK with wrong seq]]

[[PFSense:Suricata:Alerts:SURICATA UDPv4 invalid checksum|SURICATA UDPv4 invalid checksum]]

[[PFSense:Suricata:Alerts:SURICATA TLS invalid handshake message|SURICATA TLS invalid handshake message]]

[[PFSense:Suricata:Alerts:SURICATA TLS invalid record/traffic|SURICATA TLS invalid record/traffic]]

[[PFSense:Suricata:Alerts:SURICATA TLS invalid record type|SURICATA TLS invalid record type]]

[[PFSense:Suricata:Alerts:SURICATA TLS invalid TLS header|SURICATA TLS invalid TLS header]]

----

===== References =====

https://suricata.readthedocs.io/en/latest/rules/