[Oisf-users] suricata-update: Is there a way to only include specified files from a remote source?

Eric Urban eurban at umn.edu
Mon Jun 10 20:00:27 UTC 2019


In suricata-update, there is a way to ignore rule files either using the
"--ignore" option or the "ignore" section of the update.yaml file.  Is
there a way to instead specify which files should be included and to ignore
the rest?  This seems like a nice option to have for greater control of
remote sources.  The rule vendor could add a new category at any time so
these would be picked up by using the ignore option as they would not be
explicitly ignored.

One workaround would be to have an external script download the rules and
move them into some directory so that suricata-update handles them with the
"--local" option or "local" section of the config.  I thought I would ask
here to see if I am missing something before looking into a way around this.

-- 
Eric Urban
University Information Security | Office of Information Technology |
it.umn.edu
University of Minnesota | umn.edu
eurban at umn.edu
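
The external-script workaround described in the message above, sketched as an added example that is not part of the original post and is not suricata-update code: it copies only allow-listed rule files from a downloaded rules archive into a directory that can then be given to "--local". The allow-list entries, function names and sample archive are constructed for illustration.

```python
import io
import tarfile
import tempfile
from pathlib import Path, PurePosixPath

# Hypothetical allow-list: only these rule files are accepted from the archive.
ALLOWED = {"emerging-malware.rules", "emerging-exploit.rules"}

def extract_allowed(archive_bytes, dest_dir, allowed=ALLOWED):
    """Copy only allow-listed members of a .tar.gz into dest_dir.

    Returns (kept, skipped) lists of member names. Matching is on the base
    name and the output path is built from that base name only, so a member
    such as "../../x.rules" cannot be written outside dest_dir.
    """
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    kept, skipped = [], []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar:
            name = PurePosixPath(member.name).name
            # Regular files only: links and devices are never extracted.
            if not member.isfile() or name not in allowed:
                skipped.append(member.name)
                continue
            with tar.extractfile(member) as src:
                (dest / name).write_bytes(src.read())
            kept.append(member.name)
    return sorted(kept), sorted(skipped)

def build_sample_archive():
    """Constructed sample standing in for a vendor rules tarball."""
    files = {
        "rules/emerging-malware.rules": b"# constructed sample\n",
        "rules/emerging-exploit.rules": b"# constructed sample\n",
        "rules/emerging-newcategory.rules": b"# category added later by vendor\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        kept, skipped = extract_allowed(build_sample_archive(), tmp)
        print("kept:", kept)
        print("skipped:", skipped)
```

The skipped list is worth logging on every run, since it is where a category newly added by the vendor first shows up for review.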