Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add blocking of traffic caused by snort rule 58741 #373

Merged
merged 1 commit into from
Aug 23, 2024
Merged

Add blocking of traffic caused by snort rule 58741 #373

merged 1 commit into from
Aug 23, 2024

Conversation

cweibel
Copy link
Contributor

@cweibel cweibel commented Aug 23, 2024

Changes proposed in this pull request:

  • Second time we've received an alert in the last 6 months for this, just going to block the traffic based on this rule instead of alerting and investigating
  • Mutes the existing alert rule and adds a drop rule with a unique identifier which is the original rule number with 3 zeroes appended to keep it out of the number sequences assigned by snort maintainers: 58741000

security considerations

Blocks traffic instead of simply alerting

@cweibel cweibel requested a review from rcgottlieb August 23, 2024 14:01
@cweibel cweibel requested a review from a team as a code owner August 23, 2024 14:01
@cweibel cweibel merged commit 1793f54 into main Aug 23, 2024
1 check passed
@cweibel cweibel deleted the 58741 branch August 23, 2024 15:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@markdboyd markdboyd markdboyd approved these changes

@rcgottlieb rcgottlieb Awaiting requested review from rcgottlieb

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cweibel @markdboyd