Text only | Text with Images

OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: nzkiwi68 on July 31, 2021, 01:36:10 AM

Title: 21.7 adding custom rules to IDS doesn't seem to work
Post by: nzkiwi68 on July 31, 2021, 01:36:10 AM
I can't get my custom IDS rules to load. I've rebooted, waited a day, etc. Perhaps when using Proofpoint ET ruleset it won't add custom rules??

Here my file "spamhausBCL.xml" and it's placed in usr/local/opnsense/scripts/suricata/metadata/rules/spamhausBCL.xml

Code Select

<?xml version="1.0"?>
<ruleset>
    <location url="https://pub-api.spamhaus.org/api/snort/" prefix="spamhausBCL"/>
    <files>
        <file url="https://pub-api.spamhaus.org/api/snort/?account=xxxxxxxxxxxxxxx&key=yyyyyyyyyyyyy"
              description="Spamhaus Botnet Controller List"
              documentation_url="https://www.spamhaus.org/bcl/"
        >spamhausBCL.rules</file>   
    </files>
</ruleset>


Any ideas?
Title: Re: 21.7 adding custom rules to IDS doesn't seem to work
Post by: Fright on August 06, 2021, 04:58:36 PM
hi
try to escape "&" sign in xml (change & to &amp;). should work imho
Text only | Text with Images