[Oisf-users] Change order to apply rules

K K nnex at mail.ru
Sun Jun 16 05:46:39 UTC 2019

Yes, I tried. But row order (disable-conf, enable-conf) in update.yaml didn’t affect.

>Суббота, 15 июня 2019, 9:53 +03:00 от Konstantin Klinger <konstantin.klinger at dcso.de>:
>Hi KK,
>Have you tried to put the path of your .conf files into the update.yaml? Suricata-Update should parse and use ist then. The default path is /etc/suricata/.
>Konstantin Klinger
>Security Content Engineer
>Threat Detection & Hunting (TDH)
>+49 160 95476260
>konstantin.klinger at dcso.de
>PGP: 180D C5B3 3C68 5C9A FB58 6F33 400E 5A35 3307 8D46
>DCSO Deutsche Cyber-Sicherheitsorganisation GmbH • EUREF-Campus
>22 • 10829 Berlin, Germany
>Geschäftsführer: Dr.-Ing. Gunnar Siebert, Sitz der Gesellschaft: Berlin,
>Amtsgericht Charlottenburg HRB 172382
>Am 15.06.2019 um 07:44 schrieb K K < nnex at mail.ru >:
>>Hi, all!
>>As I understand in suricata-update apply disable.conf after enable.conf. How can I change this behavior?
>>I want to enable rules by regexp and make several exclude.
>>K K
>>Suricata IDS Users mailing list:  oisf-users at openinfosecfoundation.org
>>Site:  http://suricata-ids.org | Support:  http://suricata-ids.org/support/
>>List:  https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>Conference:  https://suricon.net
>>Trainings:  https://suricata-ids.org/training/ 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190616/abd97287/attachment.html>

More information about the Oisf-users mailing list