[Oisf-users] Modifying existing Rules

James Moe jimoe at sohnen-moe.com
Tue Apr 28 22:16:16 UTC 2015


Hello,
  linux 3.16.7-21-desktop x86_64
  suricata 2.0.7

  The initial test runs have shown that some hosts generate false
positives for certain rules. My plan is to disable those and add a
modified version in <local.rules>.
  My question is about the Signature ID.
- Should the same sid be used?
- Is there a convention for modified rule signatures?
- Is there a convention for user-created rule signatures?

-- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936