Hi everyone, I'm new to Suricata and I encountered this alert: ET DNS Query for .co TLD. Should I disable it, suppress it or leave it enabled?
Thanks
You have to look up each event and determine if it’s real or a false positive. I have a video on tuning rules here: https://youtu.be/S0-vsjhPDN0
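The "look up each event" step above is easier with a small triage script. The following is an added example, not code from the thread or from the Suricata project: it reads constructed eve.json alert lines, groups them by signature, and lists the source IPs and queried names so each hit can be judged before deciding to keep, suppress or disable the rule. The `signature_id` value, the `KNOWN_GOOD_NAMES` allowlist and the sample IPs and domains are all placeholders; the `dns.query` list shape on alert records is assumed from Suricata's EVE output.

```python
"""Triage helper for Suricata eve.json alerts (added example, not from the thread)."""
import json

# Constructed sample eve.json lines (not real traffic). The signature_id is a
# placeholder, not the real SID of the ET rule; the dns.query shape is assumed.
SAMPLE_EVE = "\n".join([
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5",'
    '"dest_ip":"10.0.0.53","alert":{"signature_id":9999999,"signature":"ET DNS Query for .co TLD"},'
    '"dns":{"query":[{"rrname":"corp-mail.co","rrtype":"A"}]}}',
    '{"timestamp":"2024-01-01T10:00:05.000000+0000","event_type":"alert","src_ip":"10.0.0.7",'
    '"dest_ip":"10.0.0.53","alert":{"signature_id":9999999,"signature":"ET DNS Query for .co TLD"},'
    '"dns":{"query":[{"rrname":"corp-mail.co","rrtype":"A"}]}}',
    '{"timestamp":"2024-01-01T10:01:00.000000+0000","event_type":"alert","src_ip":"10.0.0.9",'
    '"dest_ip":"10.0.0.53","alert":{"signature_id":9999999,"signature":"ET DNS Query for .co TLD"},'
    '"dns":{"query":[{"rrname":"xk3q9z.co","rrtype":"A"}]}}',
    # A plain dns event, not an alert: the parser must skip it.
    '{"timestamp":"2024-01-01T10:01:10.000000+0000","event_type":"dns","src_ip":"10.0.0.9",'
    '"dest_ip":"10.0.0.53","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}',
])

# Assumed allowlist: names the analyst has already checked and found legitimate.
KNOWN_GOOD_NAMES = {"corp-mail.co"}


def parse_alerts(text):
    """Yield alert records from eve.json text, skipping other event types and bad lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or corrupt line; do not abort the whole triage
        if rec.get("event_type") == "alert":
            yield rec


def dns_names(rec):
    """Return queried names attached to an alert, accepting the list or single-dict shape."""
    dns = rec.get("dns") or {}
    query = dns.get("query")
    if isinstance(query, list):
        return [q.get("rrname") for q in query if q.get("rrname")]
    if dns.get("rrname"):
        return [dns["rrname"]]
    return []


def summarize(text):
    """Group alerts by signature: hit count, distinct source IPs and distinct queried names."""
    out = {}
    for rec in parse_alerts(text):
        alert = rec["alert"]
        entry = out.setdefault(alert["signature"], {
            "sid": alert["signature_id"], "count": 0, "src_ips": set(), "names": set(),
        })
        entry["count"] += 1
        entry["src_ips"].add(rec["src_ip"])
        entry["names"].update(dns_names(rec))
    return out


def classify(summary, known_good):
    """Per signature, split names into already-vetted and still-to-review.

    A signature whose every queried name is vetted is a candidate for a targeted
    suppression; anything with unvetted names needs an analyst to look at it.
    """
    result = {}
    for sig, entry in summary.items():
        review = sorted(entry["names"] - known_good)
        result[sig] = {
            "vetted": sorted(entry["names"] & known_good),
            "review": review,
            "decision": "review" if review else "suppress-candidate",
        }
    return result


if __name__ == "__main__":
    summary = summarize(SAMPLE_EVE)
    for sig, verdict in classify(summary, KNOWN_GOOD_NAMES).items():
        entry = summary[sig]
        print(f"{sig} (sid {entry['sid']}): {entry['count']} hits from {sorted(entry['src_ips'])}")
        print(f"  vetted={verdict['vetted']} review={verdict['review']} -> {verdict['decision']}")
```

The output separates the two choices in the question: a rule that fires only on names you have vetted can be suppressed for those sources with a `threshold.config` entry such as `suppress gen_id 1, sig_id <SID>, track by_src, ip 10.0.0.5` (SID placeholder), which keeps the rule active for every other host, whereas adding the SID to `suricata-update`'s `disable.conf` removes the rule everywhere. Seeing an unvetted name like `xk3q9z.co` in the `review` list is the reason not to disable the rule outright before looking at each event.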
It's a false positive. Thanks, Tom.