Disabling metadata #12981
You could try removing the content match from your example. Another option might be BPF: |
Version: 2.4.60
Installation Method: Security Onion ISO image
Description: configuration
Installation Type: Distributed
Location: airgap
Hardware Specs: Exceeds minimum requirements
CPU: does not matter
RAM: does not matter
Storage for /: does not matter
Storage for /nsm: does not matter
Network Traffic Collection: tap
Network Traffic Speeds: 1Gbps to 10Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: No, there are no additional clues
Detail:
I have a simple question, yet I cannot find the answer anywhere. I am using Suricata for metadata, but I want to disable some of the metadata sources entirely.
For example, I want to disable DNS metadata entirely, but the provided rule examples only disable it for specific domains, like:
config dns any any -> any any (dns.query; content:"google.com"; config: logging disable, type tx, scope tx; sid:1200000;)
How can I do it? :)
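The reply's suggestion is to drop the match keywords so the config rule is no longer scoped to google.com. The script below is an added example written for this page; it is not from the thread, from Security Onion or from the Suricata project. It takes the rule quoted in the question, strips every option that narrows the rule (the `dns.query` sticky buffer and the `content` match), keeps only the `config` and `sid` options, and checks that the result has no match keywords left. It also generalises the same rewrite to a list of app-layer protocols with unique sids. It assumes the config-rule syntax exactly as quoted in the question and a small keep-list of non-matching keywords (`KEEP_KEYWORDS`) that is my own choice; the names `parse_rule`, `protocol_wide_rule` and `make_logging_disable_rules` are hypothetical.

```python
import re

# Constructed input: the domain-specific rule quoted in the question.
DOMAIN_RULE = (
    'config dns any any -> any any (dns.query; content:"google.com"; '
    'config: logging disable, type tx, scope tx; sid:1200000;)'
)

# Option keywords a bare "logging disable" config rule needs (assumed keep-list).
# Anything else (sticky buffers such as dns.query, content, pcre, content
# modifiers) narrows the rule to matching transactions, which is what we drop.
KEEP_KEYWORDS = {"config", "sid", "rev", "msg", "gid", "metadata"}

# action proto <header up to the first '('> ( options )
_HEADER_RE = re.compile(
    r"^(?P<action>\S+)\s+(?P<proto>\S+)\s+(?P<header>.*?)\s*\((?P<opts>.*)\)\s*$"
)


def _split_options(opts):
    """Split the option body on ';' while ignoring ';' inside double quotes."""
    tokens, cur, in_quotes, escaped = [], [], False, False
    for ch in opts:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
            cur.append(ch)
        elif ch == ";" and not in_quotes:
            tokens.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    tail = "".join(cur).strip()
    if tail:
        tokens.append(tail)
    return [t for t in tokens if t]


def parse_rule(rule):
    """Parse one Suricata rule into action, protocol, header and option list."""
    m = _HEADER_RE.match(rule.strip())
    if not m:
        raise ValueError(f"not a rule: {rule!r}")
    options = _split_options(m.group("opts"))
    return {
        "action": m.group("action"),
        "proto": m.group("proto"),
        "header": m.group("header"),
        "options": options,
        "keywords": [o.partition(":")[0].strip() for o in options],
    }


def is_protocol_wide(rule):
    """True if this is a config rule whose options are all on the keep-list."""
    p = parse_rule(rule)
    return p["action"] == "config" and all(k in KEEP_KEYWORDS for k in p["keywords"])


def protocol_wide_rule(rule):
    """Rewrite a domain-scoped config rule so it applies to the whole protocol."""
    p = parse_rule(rule)
    kept = [o for o in p["options"] if o.partition(":")[0].strip() in KEEP_KEYWORDS]
    body = " ".join(f"{o};" for o in kept)
    return f'{p["action"]} {p["proto"]} {p["header"]} ({body})'


def make_logging_disable_rules(protocols, first_sid=1200000):
    """One protocol-wide 'logging disable' config rule per app-layer protocol."""
    return [
        f"config {proto} any any -> any any "
        f"(config: logging disable, type tx, scope tx; sid:{first_sid + i};)"
        for i, proto in enumerate(protocols)
    ]


if __name__ == "__main__":
    print(protocol_wide_rule(DOMAIN_RULE))
    for r in make_logging_disable_rules(["dns", "tls"]):
        print(r, is_protocol_wide(r))
```

Write the generated lines into a local rules file and check that Suricata accepts them with `suricata -T -c <suricata.yaml> -S <rules file>` before deploying; the script only checks rule shape, not that the running Suricata version honours a match-less config rule. The other lever, independent of rules, is the `types` list under the `eve-log` output in suricata.yaml, where removing `dns` stops DNS metadata entirely; in Security Onion that file is generated by Salt, so make such a change through the SOC configuration interface rather than by editing the file on the node.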