pfSense, Suricata alert ET DNS Query for .co TLD

Hi everyone, I'm new to Suricata and I encountered this alert: ET DNS Query for .co TLD. Should I disable it, suppress it, or leave it enabled?


You have to look up each event and determine if it’s real or a false positive. I have a video on tuning rules here.

It's a false positive. Thanks, Tom.
