Hi,
Is it possible to enable different rulesets/rules to different interfaces and specifically VLANS.
Some Examples:
Work VLAN: Company is using zscaler, etc for networking and IDS is going crazy trying to analyse that traffic. I want to disable some rules.
Personal VLAN: I want a few more rules enabled but nothing crazy.
Kids VLAN: This is for computer literate and inquisitive teenagers. I want everything enabled including the kitchen sink.
Thanks
This is not possible as suricata operates with netmap framework. Meaning, prior to when VLAN's are processed.