Suricata not matching a packet

What happens to a packet that has no matching rule in Suricata? I assume it is ignored, but I haven’t found any definitive info on this.

So, if my assumption is correct and the packet is ignored, would it be better to capture all non-pass-matched packets with a drop rule for performance purposes, or would the drop rule just increase the resource usage?

Essentially I am asking if matching every packet is a better approach. What are the pros and cons?

How do I decode this Suricata code? How do I understand what it means?

alert http any any -> $EXTERNAL_NET any (msg:"What do I alert on?"; content:"POST"; http_method; content:"Content-Type|3a 20|application/json"; http_header; fast_pattern; pcre:"/^{email:\"[^\"]+\"\,password:\"[^\"]+\"}$/P"; flow:to_server,established; metadata:date 2019-01-01; classtype:trojan-activity; sid:2019; rev:3;)

Suricata logs “A Network Trojan was detected”. Is it false positive?

I use Suricata as an IDS on a local network that is not connected to the internet. It logged a few alerts from some clients that said "A Network Trojan was detected". All of the log’s properties are as follows:

Protocol: 006
Source: Client IP
Destination: Server IP
Signature: ET POLICY SMB2 NT Create AndX Request For an Executable File in a Temp Directory
Category: A Network Trojan was detected

I have Kaspersky antivirus, which is updated, and I also have Malwarebytes, which is updated too; however, they haven’t detected any trojans.

Is this a false positive, or maybe a real trojan that the antimalware can’t detect?

Server OS: Windows server 2012
Client OS: Windows 7 and 10

VirusTotal detecting threats in Suricata rule set

VirusTotal scans are detecting threats from the Suricata default rule pack located

Is this a false positive?