[Oisf-users] Change order to apply rules

Konstantin Klinger Konstantin.Klinger at dcso.de
Sat Jun 15 06:53:29 UTC 2019


Hi KK,

Have you tried to put the path of your .conf files into the update.yaml? Suricata-Update should parse and use it then. The default path is /etc/suricata/.

Cheers,
Konstantin

--
Konstantin Klinger
Security Content Engineer
Threat Detection & Hunting (TDH)

+49 160 95476260
konstantin.klinger at dcso.de

dcso.de
blog.dcso.de

PGP: 180D C5B3 3C68 5C9A FB58 6F33 400E 5A35 3307 8D46

DCSO Deutsche Cyber-Sicherheitsorganisation GmbH • EUREF-Campus
22 • 10829 Berlin, Germany
Managing Director: Dr.-Ing. Gunnar Siebert, Registered office: Berlin,
Amtsgericht Charlottenburg HRB 172382

On 15.06.2019 at 07:44, K K <nnex at mail.ru> wrote:

Hi, all!

As I understand, suricata-update applies disable.conf after enable.conf. How can I change this behavior?
I want to enable rules by regexp and make several exclusions.

Thx

--
K K
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

Conference: https://suricon.net
Trainings: https://suricata-ids.org/training/