Testing some custom rules for now in Suricata within my DMZ. I can't get these signatures to alert.
The way I test is by going into a system within my DMZ and doing a wget to https:example.com:1234.
The destination port is allowed in the firewall rules. Nothing shows up in the Suricata alerts. Any idea what I'm doing wrong?
```
alert ssh $HOME_NET any -> $EXTERNAL_NET !22 (msg:"SSH TRAFFIC on non-SSH port"; flow:to_server, not_established; classtype: misc-attack; target: dest_ip; sid:1000000;)
alert tls $HOME_NET any -> $EXTERNAL_NET !443 (msg:"HTTPS REQUEST on non-HTTPS port"; flow:to_server, not_established; classtype:misc-activity; sid:1000002;)
```