Open timguyuk opened 3 months ago
I have managed to add hunting suppressions, but when I go to hunting / policies I get "failed to fetch policies statistics".
Also, https://x.x.x.x/rules/rule/pk/2001219/ doesn't match hunting policies, so I still have the issue.
I've tried a few different browsers.
Permissions?
Reinstalled today to make sure it wasn't something weird. Still problems. Everything appears to work I just can confidently say that suppression is working. Certainly all the errors from my first post stand.
Hi,
Are there any errors in docker/containers-data/scirius/logs/django-error.log, if you could share those please?
Thanks
Another way to do the suppression manually is to use the docker/containers-data/suricata/etc/threshold.config and edit it directly, after which you just need to restart the suricata container.
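An added example, not part of the thread or of the project's code: a small helper that builds Suricata `suppress` lines for threshold.config and appends only the ones that are missing. The sid 2001219 comes from the thread; `gen_id 1`, the documentation-range addresses and the sample file content are constructed assumptions, and nothing is written to disk.

```python
import ipaddress

GEN_ID = 1  # assumption: ordinary rule signatures use generator id 1

# Constructed sample of existing threshold.config content
SAMPLE = """# local suppressions
suppress gen_id 1, sig_id 2001219, track by_src, ip 192.0.2.10
"""

def suppress_line(sig_id, address, track="by_src"):
    """Return one suppress directive for a single host or a CIDR block."""
    if track not in ("by_src", "by_dst", "by_either"):
        raise ValueError(f"invalid track value: {track}")
    if int(sig_id) <= 0:
        raise ValueError(f"invalid sig_id: {sig_id}")
    # strict=True rejects typos and CIDRs with host bits set (e.g. 10.0.0.5/24)
    net = ipaddress.ip_network(address, strict=True)
    target = str(net.network_address) if net.num_addresses == 1 else str(net)
    return f"suppress gen_id {GEN_ID}, sig_id {int(sig_id)}, track {track}, ip {target}"

def add_suppressions(existing_text, sig_id, addresses, track="by_src"):
    """Append missing suppress lines; returns (new_text, lines_added)."""
    lines = existing_text.splitlines()
    # Normalise whitespace and skip comments so reruns do not duplicate entries
    present = {" ".join(l.split()) for l in lines if not l.lstrip().startswith("#")}
    added = []
    for addr in addresses:
        line = suppress_line(sig_id, addr, track)
        if line not in present:
            lines.append(line)
            present.add(line)
            added.append(line)
    return "\n".join(lines) + "\n", added

if __name__ == "__main__":
    text, added = add_suppressions(SAMPLE, 2001219, ["192.0.2.10", "198.51.100.0/24"])
    print(text, end="")
    print(f"# {len(added)} line(s) added")
```

Keeping the suppression scoped to one sid and specific source addresses means the rule still alerts for every other host.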
Hi,
Are there any errors in docker/containers-data/scirius/logs/django-error.log, if you could share those please? Thanks
Very basic reinstall and trying to add a suppression on the first event and the django-error.log gives
2024-07-04 10:22:28,834 WARNING Not Found: /favicon.ico
2024-07-05 09:51:38,453 WARNING Bad Request: /rest/rules/processing-filter/
Does the workaround work? (in my previous comment)
Is there an existing issue for this?
Current Behavior
Installing SELKS 10, I have the system up and running. I have an internal server that is hit by authorised traffic, but ET SCAN Potential SSH Scan picks it up. No problem, I add the authorised src IPs to suppression, except I can't in SELKS 10. If I try and add from the hunting Dashboard I get a 400 Bad Request. Within https://x.x.x.x/rules/rule I can no longer click on the comments to see the suppression. I can go to history; there are entries but no information other than ip 172.18.0.2? If I go to https://x.x.x.x/rules/ruleset/1/ I can see suppressions, but if I click on the id number I get "Server Error (500)".
Expected Behavior
No response
Steps To Reproduce
Anything else?
No response