[Oisf-users] Modifying existing Rules
James Moe
jimoe at sohnen-moe.com
Tue Apr 28 22:16:16 UTC 2015
Hello,
linux 3.16.7-21-desktop x86_64
suricata 2.0.7
The initial test runs have shown that some hosts generate false
positives for certain rules. My plan is to disable those and add a
modified version in <local.rules>.
My question is about the Signature ID.
- Should the same sid be used?
- Is there a convention for modified rule signatures?
- Is there a convention for user-created rule signatures?
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936