Support #4693

closed

How to set flow value to ignore these warnings

Added by zhang xx over 2 years ago. Updated about 2 years ago.

Status: Closed
Priority: Low
Assignee: -
Affected Versions:
Label:

Description

  1. warning data

```
18/9/2021 -- 15:20:40 - <Notice> - This is Suricata version 6.0.3 RELEASE running in SYSTEM mode
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.http.javaclient.vulnerable' is checked but not set. Checked in 2016502 and 5 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'NtDll.ImageBase.Module.Called' is checked but not set. Checked in 2012100 and 0 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.smb.binary' is checked but not set. Checked in 2027402 and 4 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'smb.tree.bind.llsrpc' is checked but not set. Checked in 2103114 and 15 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.http.hta' is checked but not set. Checked in 2024196 and 0 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.armwget' is checked but not set. Checked in 2024241 and 1 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'is_proto_irc' is checked but not set. Checked in 2002029 and 4 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 9 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.pdf.in.http' is checked but not set. Checked in 2017150 and 2 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.JavaNotJar' is checked but not set. Checked in 2016540 and 0 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'HTTP.UncompressedFlash' is checked but not set. Checked in 2016396 and 3 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.wpphish' is checked but not set. Checked in 2031983 and 1 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'exe.no.referer' is checked but not set. Checked in 2020500 and 0 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.ass.request' is checked but not set. Checked in 2010758 and 0 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.ELFDownload' is checked but not set. Checked in 2019896 and 0 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'min.gethttp' is checked but not set. Checked in 2023711 and 0 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.ms08067_header' is checked but not set. Checked in 2008739 and 0 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'OLE.CompoundFile' is checked but not set. Checked in 2015809 and 2 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.autoit.ua' is checked but not set. Checked in 2019165 and 0 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.telnet.busybox' is checked but not set. Checked in 2023019 and 2 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.DocVBAProject' is checked but not set. Checked in 2020170 and 0 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit '10000062' is checked but not set. Checked in 10000063 and 0 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.MSSQL' is checked but not set. Checked in 2020569 and 0 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.AVI.RIFF.Chunk' is checked but not set. Checked in 2012143 and 0 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'DXF.Ext.Access' is checked but not set. Checked in 2012153 and 0 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.Socks5.OnionReq' is checked but not set. Checked in 2027704 and 0 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET_Assassin.ses' is checked but not set. Checked in 2012814 and 0 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'OLE.WithFlash' is checked but not set. Checked in 2016397 and 1 other sigs
18/9/2021 -- 15:20:46 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.JS.Obfus.Func' is checked but not set. Checked in 2017247 and 0 other sigs
```

How to set a value to ignore these warnings?

#1

Updated by Victor Julien over 2 years ago

This message means that you're loading rules that depend on a flowbit that is never set anywhere. So the rules can never match. If you use suricata-update to update your ruleset it should take care of enabling the relevant rules.

#2

Updated by Andreas Herz about 2 years ago

  • Status changed from New to Closed

Solution and explanation provided
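
The condition explained in #1, as an added example (not part of the original thread, and not Suricata or suricata-update code): a short Python audit that scans rule text for flowbits that enabled rules test with `isset` while no enabled rule sets them, and lists any disabled rule that would set them. The rules, flowbit names and sids below are constructed; treating only `isset` as a check and `set`/`toggle` as setters is this example's simplification.

```python
import re
from collections import defaultdict

# Constructed sample rules (not from any real ruleset). A leading '#' marks a
# disabled rule, the way rule files carry rules that are switched off.
SAMPLE_RULES = """\
alert http any any -> any any (msg:"checker A"; flowbits:isset,EX.pdf.in.http; sid:9000001;)
alert http any any -> any any (msg:"checker B"; flowbits:isset,EX.pdf.in.http; sid:9000002;)
# alert http any any -> any any (msg:"setter, disabled"; flowbits:set,EX.pdf.in.http; flowbits:noalert; sid:9000003;)
alert tcp any any -> any any (msg:"setter"; flowbits:set,EX.irc; flowbits:noalert; sid:9000004;)
alert tcp any any -> any any (msg:"checker C"; flowbits:isset,EX.irc; sid:9000005;)
alert tcp any any -> any any (msg:"orphan"; flowbits:isset,EX.never.set; sid:9000006;)
"""

RULE_RE = re.compile(r"^(#\s*)?(?:alert|drop|pass|reject)\s.*\(.*\)\s*$")
FLOWBITS_RE = re.compile(r"flowbits\s*:\s*(\w+)\s*(?:,\s*([^;]+))?;")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def audit_flowbits(rules_text):
    """Return {flowbit: {"checked_in": [...], "disabled_setters": [...]}} for
    every flowbit that enabled rules check with isset but no enabled rule sets."""
    checked = defaultdict(list)       # flowbit -> sids of enabled rules using isset
    set_enabled = set()               # flowbits set/toggled by an enabled rule
    set_disabled = defaultdict(list)  # flowbit -> sids of disabled setter rules
    for line in rules_text.splitlines():
        m, sid = RULE_RE.match(line.strip()), SID_RE.search(line)
        if not m or not sid:
            continue                  # blank line, plain comment, or no sid
        disabled = m.group(1) is not None
        for cmd, names in FLOWBITS_RE.findall(line):
            for name in filter(None, (n.strip() for n in names.split("|"))):
                if cmd in ("set", "toggle"):
                    if disabled:
                        set_disabled[name].append(int(sid.group(1)))
                    else:
                        set_enabled.add(name)
                elif cmd == "isset" and not disabled:
                    checked[name].append(int(sid.group(1)))
    return {name: {"checked_in": sids, "disabled_setters": set_disabled.get(name, [])}
            for name, sids in checked.items() if name not in set_enabled}

def format_report(result):
    return [f"flowbit '{n}' checked in {r['checked_in']} but not set; "
            f"disabled setters: {r['disabled_setters'] or 'none found'}"
            for n, r in sorted(result.items())]

if __name__ == "__main__":
    print("\n".join(format_report(audit_flowbits(SAMPLE_RULES))))
```

A flowbit reported with a disabled setter is resolved by enabling that rule; one with no setter at all means the checking rules are dead weight in the loaded set.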
