[Oisf-users] Looking for suricata-update modify.conf Examples and Tutorials

John Peters psibur at gmail.com
Mon Aug 5 12:58:58 UTC 2019


One example is that we have one rule (not a home-brewed rule, but from an external
source) that detects several callouts to web sites. One of the sites is
legit, and we want to thin that out from the rest, which we do want to see traffic
to.

On Sat, Aug 3, 2019 at 1:07 PM Jason Ish <jason.ish at oisf.net> wrote:

> On 2019-08-01 12:14 p.m., John Peters wrote:
> > I've been using suricata-update to pull as well as enable/disable rules,
> > but now I have a few use cases where I need to tweak & modify a couple
> > rules.  I'd like to learn to use the modify.conf file to help keep
> > things better organized.
> >
> > I see the example in the comments, which is good, but in my case I need
> > to add/remove/modify a couple fields in some custom rules and not sure
> > exactly where to begin.  Pointing in a direction to either some
> > tutorials or examples would be greatly appreciated.
>
> We don't have much in the way of tutorials; we could probably add some
> more examples.  If you can provide more info on what type of
> modifications you would like to do, we can see what we can do in terms
> of adding examples.
>
> Thanks,
> Jason
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
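As an added illustration for the use case above (this is not suricata-update's own code and not from the thread), the following reimplements the modify.conf line format in Python: each line is `<matcher> "<regex>" "<replacement>"`, parsed with shell-style quoting and applied as a regex substitution to the matching rule's text. The matcher forms supported here are a numeric sid, `re:<regex>` over the rule text, and `group:<glob>` over the rules file name. The rules, sids (local 1000000+ range) and modify.conf content are constructed for the example; the first line shows one way to drop a single legitimate host out of a rule that alternates over several hosts.

```python
import fnmatch
import re
import shlex

# Constructed sample rules, keyed by the file ("group") they came from.
# SIDs are in the local 1000000+ range; these are not real Emerging Threats rules.
SAMPLE_RULES = {
    "emerging-trojan.rules": [
        'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE Callout to tracked sites"; '
        'flow:established,to_server; http.host; pcre:"/^(evil|also-bad|legit)[.]example$/"; '
        'classtype:trojan-activity; sid:1000001; rev:1;)',
        'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE Other callout"; '
        'flow:established,to_server; http.host; content:"c2.example"; '
        'classtype:trojan-activity; sid:1000002; rev:1;)',
    ],
    "local.rules": [
        'alert tcp $HOME_NET any -> $EXTERNAL_NET 4444 (msg:"EXAMPLE Local rule"; '
        'classtype:misc-activity; sid:1000003; rev:1;)',
    ],
}

# Constructed modify.conf content: <matcher> "<regex>" "<replacement>" per line.
MODIFY_CONF = r'''
# Remove the legitimate host from the alternation in sid 1000001 (the thread's use case).
1000001 "[|]legit" ""

# Turn every trojan-activity rule into a drop rule (matcher is a regex over the rule text).
re:classtype:trojan-activity "^alert" "drop"

# Widen the destination port on everything from local.rules (matcher is a file-name glob).
group:local.rules "4444" "any"
'''


def parse_modify_conf(text):
    """Parse modify.conf lines into (matcher, compiled regex, replacement) tuples."""
    filters = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # honours the double quotes around regex and replacement
        if len(tokens) != 3:
            raise ValueError("line %d: expected 3 tokens, got %d" % (lineno, len(tokens)))
        matcher, pattern, repl = tokens
        filters.append((matcher, re.compile(pattern), repl))
    return filters


def sid_of(rule):
    """Return the sid of a rule as a string, or None if it has none."""
    m = re.search(r"\bsid:\s*(\d+)\s*;", rule)
    return m.group(1) if m else None


def matches(matcher, group, rule):
    """Decide whether a modify.conf matcher selects this rule."""
    if matcher.isdigit():
        return sid_of(rule) == matcher
    if matcher.startswith("re:"):
        return re.search(matcher[len("re:"):], rule) is not None
    if matcher.startswith("group:"):
        return fnmatch.fnmatch(group, matcher[len("group:"):])
    raise ValueError("unsupported matcher: %r" % matcher)


def apply_modifications(rules_by_group, conf_text):
    """Apply every modify.conf filter, in file order, to every matching rule."""
    filters = parse_modify_conf(conf_text)
    out = {}
    for group, rules in rules_by_group.items():
        out[group] = []
        for rule in rules:
            for matcher, pattern, repl in filters:
                # Later filters see the text as already modified by earlier ones.
                if matches(matcher, group, rule):
                    rule = pattern.sub(repl, rule)
            out[group].append(rule)
    return out


if __name__ == "__main__":
    modified = apply_modifications(SAMPLE_RULES, MODIFY_CONF)
    for group in SAMPLE_RULES:
        for before, after in zip(SAMPLE_RULES[group], modified[group]):
            if before != after:
                print("%s sid %s\n  - %s\n  + %s" % (group, sid_of(before), before, after))
```

The `re:` matcher is the one to be careful with: `^alert` above rewrites every rule whose text matches the regex, so after a `suricata-update` run it is worth grepping the generated rules file for the affected sids and running `suricata -T` before reloading.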