Support #2967
closed
Modbus Alerts
Description
Hi guys,
I've enabled Modbus in the configuration file and tested Suricata with both Modbus rules with the pcap attached, but it doesn't generate any alert.
Could you give me an example of a functioning Modbus rule?
Thank you
Updated by Victor Julien almost 5 years ago
Does it work if you add '-k none' to your commandline? The pcap is full of bad checksums.
Updated by José Monteiro almost 5 years ago
Victor Julien wrote:
> Does it work if you add '-k none' to your commandline? The pcap is full of bad checksums.

I already tried that, but it didn't work either.
Updated by José Monteiro almost 5 years ago
Does anyone have suggestions or can give an example of a Modbus rule?
Updated by Peter Manev almost 5 years ago
Here you can find a few examples - https://github.com/OISF/suricata/blob/master/rules/modbus-events.rules
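
Added example, not part of the original thread and not taken from the linked OISF file: rules that use Suricata's `modbus` keyword to match ordinary requests by function code and access type. The sids, messages and the address/value thresholds are constructed for illustration.

```suricata
# Constructed sample rules; sids are in the local range and are placeholders.

# Any request using function code 3 (Read Holding Registers).
alert modbus any any -> any any (msg:"LOCAL Modbus read holding registers"; modbus: function 3; sid:1000001; rev:1;)

# Any write access, whichever write function code carries it.
alert modbus any any -> any any (msg:"LOCAL Modbus write access"; modbus: access write; sid:1000002; rev:1;)

# Write to holding register 500 with a value above 200 (constructed thresholds).
alert modbus any any -> any any (msg:"LOCAL Modbus holding register write above limit"; modbus: access write holding, address 500, value >200; sid:1000003; rev:1;)

# Function codes outside the publicly assigned set.
alert modbus any any -> any any (msg:"LOCAL Modbus non-public function code"; modbus: function !public; sid:1000004; rev:1;)
```

The rules in modbus-events.rules match `app-layer-event` protocol anomalies, so well-formed Modbus traffic will not trigger them; rules like the ones above match normal requests once the Modbus parser is enabled and checksum validation is not discarding the packets.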
Updated by José Monteiro almost 5 years ago
Peter Manev wrote:
> Here you can find a few examples - https://github.com/OISF/suricata/blob/master/rules/modbus-events.rules

Thank you!
Updated by Andreas Herz almost 5 years ago
- Assignee set to Community Ticket
- Target version set to Support
Updated by Victor Julien almost 5 years ago
- Status changed from New to Closed
- Assignee deleted (Community Ticket)
- Target version deleted (Support)