The Suricata `Stream` set of signatures generate alot of noi

Question

The Suricata `Stream` set of signatures generate alot of noise They should be interpreted more as `info` level logs more focused on adding context to a situation Tbh I typically disable them on PROD deployments The most likely reason is because the Fleet server is offline

Mystery Incorporated · Answer

Yep I been disabling the alerts and rules as I see them I don t really care if an ACK is sent out of sequence or whatever Mostly posting incase it is an issue in the way they are doing the TCP handshakes or something that needs to be remedied yea probably is the server is offline so it s not getting the SYN ACK or whatever somes next

Mike Myers · Answer

I am 99 5 sure there s nothing custom about how osquery or Fleet does TCP IP