EFW Support

Support => General Support => Topic started by: Nclear on Monday 30 August 2021, 07:01:01 am



Title: Snort Flow Bits 263 out of 1024 in use?
Post by: Nclear on Monday 30 August 2021, 07:01:01 am
Hello,

I'm seeing this in the system logs after starting snort. How would you go about resolving this issue? Here is the list of flowbits not checked.

   2021-08-29 13:51:31   snort (12132) +++++++++++++++++++++++++++++++++++++++++++++++++++
System   2021-08-29 13:51:31   snort (12132) Initializing rule chains...
System   2021-08-29 13:51:31   snort (12132) /var/signatures/snort/processed/auto/3coresec.rules(7) threshold (in rule) is deprecated; use detection_filter instead.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.Tesch" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.koobfacecheck" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.HTA.Download" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.applephish" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.DROPIP" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "et.GENOME.AV" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.zipfile" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.IRC.BOT.CntSOCPU" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "http.dottedquadhost.gz" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.Multimedia.Download" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET..in.http" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.Anunanak.HTTP.1" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ETPRO.Microsoft.Excel" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.MP4.Download" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "http.dottedquadhost.docx" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ETPRO.njratgeneric" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.genericphish_Tesco" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.Cryptocurrency_Phish" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.SecondaryFlash.Req" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "http.dottedquadhost.rar" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.TorIP" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "http.dottedquadhost.vbs" is set but not ever checked.
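
As an added example (not part of the original post, and not Snort's own code): a simplified re-creation of the start-up check behind the "set but not ever checked" messages in the log above, run over constructed rules. It assumes `set`/`setx`/`toggle` count as setting a key and `isset`/`isnotset` as checking it; the sids and the `EX.paired` key are hypothetical.

```python
import re
from collections import defaultdict

# Constructed rules for illustration only; sids and EX.paired are placeholders.
SAMPLE_RULES = """
alert tcp any any -> any any (msg:"constructed setter"; flowbits:set,ET.zipfile; flowbits:noalert; sid:1000001;)
# alert tcp any any -> any any (msg:"constructed disabled checker"; flowbits:isset,ET.zipfile; sid:1000002;)
alert tcp any any -> any any (msg:"constructed setter"; flowbits:set,EX.paired; flowbits:noalert; sid:1000003;)
alert tcp any any -> any any (msg:"constructed checker"; flowbits:isset,EX.paired; sid:1000004;)
"""

FLOWBITS = re.compile(r"flowbits\s*:\s*(\w+)\s*(?:,\s*([^;,]+))?")
SID = re.compile(r"\bsid\s*:\s*(\d+)")
SETTERS = {"set", "setx", "toggle"}    # assumption: ops treated as "setting" a key
CHECKERS = {"isset", "isnotset"}       # assumption: ops treated as "checking" a key

def unchecked_flowbits(rules_text):
    """Map each key set by an enabled rule but checked by none to the
    sids that set it and the sids of disabled rules that would check it."""
    set_by, checked, disabled = defaultdict(list), set(), defaultdict(list)
    for raw in rules_text.splitlines():
        line = raw.strip()
        enabled = not line.startswith("#")   # commented-out rules are not loaded
        sid_match = SID.search(line)
        sid = int(sid_match.group(1)) if sid_match else None
        for op, names in FLOWBITS.findall(line):
            # A rule may name several bits joined with & or |
            for key in filter(None, (k.strip() for k in re.split(r"[&|]", names))):
                if op in SETTERS and enabled:
                    set_by[key].append(sid)
                elif op in CHECKERS and enabled:
                    checked.add(key)
                elif op in CHECKERS:
                    disabled[key].append(sid)
    return {key: {"set_by": sids, "disabled_checkers": disabled.get(key, [])}
            for key, sids in set_by.items() if key not in checked}

if __name__ == "__main__":
    for key, info in unchecked_flowbits(SAMPLE_RULES).items():
        print(f'flowbits key "{key}" set by sid {info["set_by"]}, '
              f'disabled checkers: {info["disabled_checkers"]}')
```

Pointing it at the contents of the rule files Snort actually loads shows, for each key reported in the log, which rules set it and whether a matching checker exists only in commented-out form.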