[Oisf-users] Change order to apply rules
Konstantin Klinger
Konstantin.Klinger at dcso.de
Sat Jun 15 06:53:29 UTC 2019
Hi KK,
Have you tried to put the path of your .conf files into the update.yaml? Suricata-Update should parse and use ist then. The default path is /etc/suricata/.
Cheers,
Konstantin
--
Konstantin Klinger
Security Content Engineer
Threat Detection & Hunting (TDH)
+49 160 95476260<tel:+49%20160%2095476260>
konstantin.klinger at dcso.de<mailto:konstantin.klinger at dcso.de>
dcso.de<http://dcso.de/>
blog.dcso.de<http://blog.dcso.de/>
PGP: 180D C5B3 3C68 5C9A FB58 6F33 400E 5A35 3307 8D46
DCSO Deutsche Cyber-Sicherheitsorganisation GmbH • EUREF-Campus
22 • 10829 Berlin, Germany
Geschäftsführer: Dr.-Ing. Gunnar Siebert, Sitz der Gesellschaft: Berlin,
Amtsgericht Charlottenburg HRB 172382
Am 15.06.2019 um 07:44 schrieb K K <nnex at mail.ru<mailto:nnex at mail.ru>>:
Hi, all!
As I understand in suricata-update apply disable.conf after enable.conf. How can I change this behavior?
I want to enable rules by regexp and make several exclude.
Thx
--
K K
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org<mailto:oisf-users at openinfosecfoundation.org>
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Conference: https://suricon.net
Trainings: https://suricata-ids.org/training/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190615/5665cdf4/attachment.html>
More information about the Oisf-users
mailing list