<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body dir="auto">
Hi KK,
<div><br>
</div>
<div>Have you tried to put the path of your .conf files into the update.yaml? Suricata-Update should parse and use ist then. The default path is /etc/suricata/.</div>
<div><br>
</div>
<div>Cheers,</div>
<div>Konstantin <br>
<br>
<div id="AppleMailSignature" dir="ltr"><span style="background-color: rgba(255, 255, 255, 0);">-- <br>
Konstantin Klinger<br>
Security Content Engineer<br>
Threat Detection & Hunting (TDH)<br>
<br>
<a href="tel:+49%20160%2095476260" dir="ltr" x-apple-data-detectors="true" x-apple-data-detectors-type="telephone" x-apple-data-detectors-result="1">+49 160 95476260</a><br>
<a href="mailto:konstantin.klinger@dcso.de" dir="ltr" x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="2">konstantin.klinger@dcso.de</a><br>
<br>
<a href="http://dcso.de/" dir="ltr" x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="3">dcso.de</a><br>
<a href="http://blog.dcso.de/" dir="ltr" x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="4">blog.dcso.de</a><br>
<br>
PGP: 180D C5B3 3C68 5C9A FB58 6F33 400E 5A35 3307 8D46<br>
 <br>
DCSO Deutsche Cyber-Sicherheitsorganisation GmbH • EUREF-Campus<br>
22 • 10829 Berlin, Germany<br>
Geschäftsführer: Dr.-Ing. Gunnar Siebert, Sitz der Gesellschaft: Berlin,<br>
Amtsgericht Charlottenburg HRB 172382</span></div>
<div dir="ltr"><br>
Am 15.06.2019 um 07:44 schrieb K K <<a href="mailto:nnex@mail.ru">nnex@mail.ru</a>>:<br>
<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hi, all!<br>
<br>
As I understand in suricata-update apply disable.conf after enable.conf. How can I change this behavior?<br>
I want to enable rules by regexp and make several exclude.<br>
<br>
Thx</div>
<div> </div>
<div data-signature-widget="container">
<div data-signature-widget="content">
<div>--<br>
K K</div>
</div>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div dir="ltr"><span>_______________________________________________</span><br>
<span>Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">
oisf-users@openinfosecfoundation.org</a></span><br>
<span>Site: <a href="http://suricata-ids.org">http://suricata-ids.org</a> | Support:
<a href="http://suricata-ids.org/support/">http://suricata-ids.org/support/</a></span><br>
<span>List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users">
https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a></span><br>
<span></span><br>
<span>Conference: <a href="https://suricon.net">https://suricon.net</a></span><br>
<span>Trainings: <a href="https://suricata-ids.org/training/">https://suricata-ids.org/training/</a></span></div>
</blockquote>
</div>
</body>
</html>