[Oisf-users] Looking for suricata-update modify.conf Examples and Tutorials

Jason Ish jason.ish at oisf.net
Sat Aug 3 17:07:13 UTC 2019

On 2019-08-01 12:14 p.m., John Peters wrote:
> I've been using suricata-update to pull as well as enable/disable rules,
> but now I have a few use cases where I need to tweak & modify a couple
> rules.  I'd like to learn to use the modify.conf file to help keep
> things better organized.  
> I see the example in the comments, which is good, but in my case I need
> to add/remove/modify a couple fields in some custom rules and am not sure
> exactly where to begin.  Pointing in a direction to either some
> tutorials or examples would be greatly appreciated.

We don't have much in the way of tutorials; we could probably add some
more examples.  If you can provide more info on what type of
modifications you would like to do, we can see what we can do in terms
of adding examples.

