[Oisf-users] Change order to apply rules
K K
nnex at mail.ru
Sun Jun 16 05:46:39 UTC 2019
Yes, I tried. But row order (disable-conf, enable-conf) in update.yaml didn’t affect.
>Суббота, 15 июня 2019, 9:53 +03:00 от Konstantin Klinger <konstantin.klinger at dcso.de>:
>
>Hi KK,
>
>Have you tried to put the path of your .conf files into the update.yaml? Suricata-Update should parse and use ist then. The default path is /etc/suricata/.
>
>Cheers,
>Konstantin
>
>--
>Konstantin Klinger
>Security Content Engineer
>Threat Detection & Hunting (TDH)
>
>+49 160 95476260
>konstantin.klinger at dcso.de
>
>dcso.de
>blog.dcso.de
>
>PGP: 180D C5B3 3C68 5C9A FB58 6F33 400E 5A35 3307 8D46
>
>DCSO Deutsche Cyber-Sicherheitsorganisation GmbH • EUREF-Campus
>22 • 10829 Berlin, Germany
>Geschäftsführer: Dr.-Ing. Gunnar Siebert, Sitz der Gesellschaft: Berlin,
>Amtsgericht Charlottenburg HRB 172382
>
>Am 15.06.2019 um 07:44 schrieb K K < nnex at mail.ru >:
>
>>Hi, all!
>>
>>As I understand in suricata-update apply disable.conf after enable.conf. How can I change this behavior?
>>I want to enable rules by regexp and make several exclude.
>>
>>Thx
>>
>>--
>>K K
>>_______________________________________________
>>Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>>Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>>List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>>Conference: https://suricon.net
>>Trainings: https://suricata-ids.org/training/
--
K K
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190616/abd97287/attachment.html>
More information about the Oisf-users
mailing list