21.7 adding custom rules to IDS doesn't seem to work

Started by nzkiwi68, July 31, 2021, 01:36:10 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 31, 2021, 01:36:10 AM
I can't get my custom IDS rules to load. I've rebooted, waited a day, etc. Perhaps when using Proofpoint ET ruleset it won't add custom rules??

Here my file "spamhausBCL.xml" and it's placed in usr/local/opnsense/scripts/suricata/metadata/rules/spamhausBCL.xml

Code Select

<?xml version="1.0"?>
<ruleset>
    <location url="https://pub-api.spamhaus.org/api/snort/" prefix="spamhausBCL"/>
    <files>
        <file url="https://pub-api.spamhaus.org/api/snort/?account=xxxxxxxxxxxxxxx&key=yyyyyyyyyyyyy"
              description="Spamhaus Botnet Controller List"
              documentation_url="https://www.spamhaus.org/bcl/"
        >spamhausBCL.rules</file>   
    </files>
</ruleset>


Any ideas?
August 06, 2021, 04:58:36 PM #1
hi
try to escape "&" sign in xml (change & to &amp;). should work imho
Print
Go Up Pages1
User actions