[Oisf-users] Looking for suricata-update modify.conf Examples and Tutorials

Jason Ish jason.ish at oisf.net
Wed Aug 7 05:22:23 UTC 2019


Do you have a concrete example of some input and what you'd like the
output to look like?

Thanks,
Jason

On 2019-08-05 6:58 a.m., John Peters wrote:
> One example is we have one rule (not a home brewed rule, but from
> external source) that detects several callouts to web sites.  One of the
> sites is legit and want to thin that out of the rest which we do want to
> see traffic to.
> 
> On Sat, Aug 3, 2019 at 1:07 PM Jason Ish <jason.ish at oisf.net
> <mailto:jason.ish at oisf.net>> wrote:
> 
>     On 2019-08-01 12:14 p.m., John Peters wrote:
>     > I've been using suricata-update to pull as well as enable/disable rules,
>     > but now I have a few use cases where I need to tweak & modify a couple
>     > rules.  I'd like to learn to use the modify.conf file to help keep
>     > things better organized.  
>     >
>     > I see the example in the comments, which is good, but in my case I need
>     > to add/remove/modify a couple fields in some custom rules and not sure
>     > exactly where to begin.  Pointing in a direction to either some
>     > tutorials or examples would be greatly appreciated.
> 
>     We don't have much in the ways of tutorials, we could probably add some
>     more examples.  If you can provide more info on what type of
>     modifications you would like to do, we can see what we can do in terms
>     of adding examples.
> 
>     Thanks,
>     Jason
> 
>     _______________________________________________
>     Suricata IDS Users mailing list:
>     oisf-users at openinfosecfoundation.org
>     <mailto:oisf-users at openinfosecfoundation.org>
>     Site: http://suricata-ids.org | Support:
>     http://suricata-ids.org/support/
>     List:
>     https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> 
>     Conference: https://suricon.net
>     Trainings: https://suricata-ids.org/training/
> 
> 


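As an added example (not code from suricata-update or from anyone in this thread), the following Python reproduces the modify.conf substitution on a constructed rule to thin one host out of a rule that alerts on several hosts. It assumes the `<sid> "<from>" "<to>"` and `re:<regex> "<from>" "<to>"` line formats described in suricata-update's modify.conf template; the rule text, hostnames and sid are constructed for illustration.

```python
import re

# Constructed sample rule (not from any real ruleset): one rule that alerts on
# HTTP requests to any of three hosts, one of which the analyst considers legit.
RULE = (r'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE callout"; '
        r'flow:established,to_server; http.host; '
        r'pcre:"/^(bad-one\.example|legit-vendor\.example|bad-two\.example)$/"; '
        r'classtype:trojan-activity; sid:1000001; rev:1;)')

# Constructed modify.conf entries in the assumed <matcher> "<from>" "<to>" form.
# The first strips the legit host (plus its alternation bar) out of the pcre so
# the rule keeps firing on the other two hosts; the second shows the re: matcher
# converting every rule whose text matches "." (i.e. all rules) from alert to drop.
THIN_LEGIT_HOST = r'1000001 "legit-vendor\\\.example\|" ""'
ALERT_TO_DROP = r're:. "^alert" "drop"'

LINE_RE = re.compile(r'^(?P<matcher>\S+)\s+"(?P<from>.+)"\s+"(?P<to>.*)"$')
SID_RE = re.compile(r'\bsid:\s*(\d+)\s*;')


def parse_modify_line(line):
    """Split a modify.conf line into (matcher, from-regex, replacement)."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("unparseable modify line: %r" % line)
    return m.group('matcher'), m.group('from'), m.group('to')


def rule_matches(matcher, rule):
    """re:<regex> matches on rule text; anything else is treated as a sid."""
    if matcher.startswith('re:'):
        return re.search(matcher[3:], rule) is not None
    sid = SID_RE.search(rule)
    return sid is not None and sid.group(1) == matcher


def apply_modify(rules, modify_lines):
    """Apply each modify line, in order, to every rule it matches."""
    out = []
    for rule in rules:
        for line in modify_lines:
            matcher, frm, to = parse_modify_line(line)
            if rule_matches(matcher, rule):
                rule = re.sub(frm, to, rule)
        out.append(rule)
    return out


if __name__ == '__main__':
    for r in apply_modify([RULE], [THIN_LEGIT_HOST, ALERT_TO_DROP]):
        print(r)
```

Because the substitution is a plain regex over the rule text, check the rewritten rule with `suricata -T` (or by diffing the generated rules file) before deploying it; a pattern that matches more of the rule than intended silently produces a broken or over-broad rule.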