71
Intrusion Detection and Prevention / Re: Suricata rule modifications via suricata-update
« Last post by jonny5 on Today at 08:14:13 am »In short OPNSense's rule management has got me quite far... but I might be ready for a rather larger logic/control application.
See here:
https://suricata-update.readthedocs.io/en/latest/update.html#modifying-rules
https://suricata-update.readthedocs.io/en/latest/update.html#example-configuration-to-modify-rules-modify-conf
OPNSense has suricata-update already, and if we can safely mod away/quite the OPNSense SID management, and/or, somehow in-between-mod the rule set. Huge win! There are a few hosts that trip rules that if I could filter that rule away from that host, it would be the best win.
On a few rules replacing $HOME_NET with [$HOME_NET, ![192.168.0.20,192.168.0.21]] (for example) would make thing great ^_^
See here:
https://suricata-update.readthedocs.io/en/latest/update.html#modifying-rules
https://suricata-update.readthedocs.io/en/latest/update.html#example-configuration-to-modify-rules-modify-conf
OPNSense has suricata-update already, and if we can safely mod away/quite the OPNSense SID management, and/or, somehow in-between-mod the rule set. Huge win! There are a few hosts that trip rules that if I could filter that rule away from that host, it would be the best win.
On a few rules replacing $HOME_NET with [$HOME_NET, ![192.168.0.20,192.168.0.21]] (for example) would make thing great ^_^