Open Information Security Foundation

03/27/2025

07:19 PM Suricata Bug #7630 (New): pass rules with alert; keyword log with a verdict of "alert" instead of "pass"

This rule:
pass tls $HOME_NET any -> any any (alert; tls.sni; content:"checkip.amazonaws.com"; sid:202502272;)
... Jesse Lepich

02/04/2025

10:07 PM Suricata Bug #7544 (New): Verdict output reports "alert" when traffic is allowed implicitly/passively

In IPS mode, when there are no rules except for an alert rules, traffic is "passed" (allowed implicitly/passively by ... Jesse Lepich