Suricata rule modifications via suricata-update

Started by jonny5, November 20, 2024, 09:03:42 AM

Quote from: franco on November 21, 2024, 09:26:45 AM
You can modify HOME_NET via advanced settings, you know?


Cheers,
Franco

Must admit, I had not seen the additional settings for IDS until today. My familiarity with the middleware of OPNsense, and even some of the web GUI-specific front end, is limited to non-existent. It would be quite a detail, but possibly really great for all parties, if I could attempt to integrate my mod into the IDS management space of OPNsense. It would be best to keep both management options available, the Policy and suricata-update; so long as we could make that a navigable and state-correct feature (ability to choose the desired management option at will), it would keep the existing and add the new.

Any tips, cheat sheets or guides to designing what exists in the web GUI and coding the dependent features in the middleware/backend?

I would gladly take the opportunity to more or less abstract as much of suricata.yaml + custom.yaml into options in the GUI as possible, and ideally allow for modification of the template folder's custom.yaml, because as it is, what I use for my custom.yaml in raw cannot be consumed from the template folder's custom.yaml.
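The post above is about layering a hand-written custom.yaml over the generated suricata.yaml. The following is an added example, not code from OPNsense, Suricata or the poster: it deep-merges a parsed override fragment onto a parsed base configuration and sanity-checks the resulting address groups (HOME_NET in particular, since an empty or all-negated HOME_NET silently blinds every `$HOME_NET` rule) before anything is written out for reload. It assumes both documents were already loaded into plain dicts by a YAML parser; the dict contents are constructed for the example.

```python
"""Added example (not OPNsense's or Suricata's own code): overlay a custom.yaml
fragment onto a base suricata.yaml and validate the address groups before reload.

Assumption (hypothetical): both files were already parsed into plain dicts;
only the merge and the checks are shown here."""
import copy
import ipaddress

# Constructed stand-in for the relevant part of a parsed suricata.yaml
BASE_CONFIG = {
    "vars": {
        "address-groups": {
            "HOME_NET": "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]",
            "EXTERNAL_NET": "!$HOME_NET",
        },
        "port-groups": {"HTTP_PORTS": "80"},
    },
    "outputs": [{"eve-log": {"enabled": True, "types": ["alert"]}}],
}

# Constructed stand-in for a parsed custom.yaml override fragment
CUSTOM_CONFIG = {
    "vars": {
        "address-groups": {"HOME_NET": "[10.10.0.0/16]"},
        "port-groups": {"HTTP_PORTS": "[80,8080]"},
    },
    "outputs": [{"eve-log": {"enabled": True, "types": ["alert", "dns"]}}],
}


def deep_merge(base, override):
    """Recursively merge mappings; scalars and lists from override replace base."""
    result = copy.deepcopy(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(result.get(key), dict):
            result[key] = deep_merge(result[key], value)
        else:
            result[key] = copy.deepcopy(value)
    return result


def parse_address_group(value):
    """Turn Suricata's '[a,b,!c]' syntax into a list of (negated, network-or-var)."""
    text = value.strip()
    if text.startswith("[") and text.endswith("]"):
        text = text[1:-1]
    entries = []
    for item in text.split(","):
        item = item.strip()
        if not item:
            continue
        negated = item.startswith("!")
        item = item.lstrip("!")
        if item.startswith("$"):
            entries.append((negated, item))  # reference to another variable
        else:
            # ValueError here means a malformed address or prefix length
            entries.append((negated, ipaddress.ip_network(item, strict=False)))
    return entries


def validate_config(config):
    """Return a list of problems; an empty list means safe to write and reload."""
    problems = []
    groups = config.get("vars", {}).get("address-groups", {})
    home = groups.get("HOME_NET")
    if not home:
        problems.append("HOME_NET is missing")
    else:
        try:
            entries = parse_address_group(home)
        except ValueError as exc:
            problems.append(f"HOME_NET contains an invalid network: {exc}")
        else:
            if not any(not neg for neg, _ in entries):
                problems.append("HOME_NET has no positive networks")
    for name, value in groups.items():
        if name != "HOME_NET":
            try:
                parse_address_group(value)
            except ValueError as exc:
                problems.append(f"{name} contains an invalid network: {exc}")
    return problems  # port-groups are not checked in this example


def build_effective_config(base=BASE_CONFIG, custom=CUSTOM_CONFIG):
    """Merge the override onto the base and return (merged, problems)."""
    merged = deep_merge(base, custom)
    return merged, validate_config(merged)


if __name__ == "__main__":
    merged, problems = build_effective_config()
    print("HOME_NET:", merged["vars"]["address-groups"]["HOME_NET"])
    print("problems:", problems or "none")
```

Lists (such as the `outputs` section) are replaced wholesale rather than merged element by element, which mirrors how an override file is normally expected to behave; if the intent were to append output types, that branch of `deep_merge` is where the policy would change.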

The Suricata rules are updated in the OPNsense repository. It doesn't use or need suricata-update as far as I can tell.
All we have to do is click update rules in OPNsense.
As far as rules, yes Suricata has a few rules not in the OPNsense rulesets, but I have not had a single hit on them yet.
The yaml is locked for security and duplication at reload.
I think you can set up queues to run scripts if that is needed.
Hope that helps.
Is there a problem with the rulesets?
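The reply above notes that a suricata-update ruleset carries a few signatures the OPNsense-delivered rulesets do not. The following added example (not code from OPNsense, Suricata or suricata-update) shows how to check that claim for your own installation: it parses two Suricata rule files, keys each rule by its SID, and reports which SIDs exist only in one source, which have drifted in revision, and which are enabled in one file but commented out in the other. The rule text, SIDs and messages are constructed placeholders, not real signatures.

```python
"""Added example, not OPNsense or suricata-update code: diff two Suricata rule
files by SID to see which signatures one source carries that the other lacks.

The rule lines below are constructed for the example; the SIDs (9000001..)
and messages are placeholders, not real signatures."""
import re

# One rule per line: optional '#' (disabled), action, 5-field header, '(' options ')'
RULE_RE = re.compile(
    r'^(?P<disabled>#\s*)?(?P<action>alert|drop|reject|pass)\s+'
    r'(?P<header>\S+\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+)\s+\((?P<options>.*)\)\s*$'
)
# key:value; pairs inside the options; values may be quoted strings containing ';'
OPT_RE = re.compile(r'(?P<key>[a-z_\-\.]+)\s*:\s*(?P<value>(?:"[^"]*"|[^;])+);')

# Constructed stand-in for a suricata-update managed rules file
RULES_A = """\
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE outbound beacon"; sid:9000001; rev:2;)
alert dns $HOME_NET any -> any 53 (msg:"EXAMPLE suspicious TLD lookup"; sid:9000002; rev:1;)
# alert tcp any any -> $HOME_NET 22 (msg:"EXAMPLE ssh scan"; sid:9000003; rev:1;)
"""

# Constructed stand-in for the rules file produced by the OPNsense updater
RULES_B = """\
# comment line that is not a rule
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE outbound beacon"; sid:9000001; rev:3;)
alert tcp any any -> $HOME_NET 22 (msg:"EXAMPLE ssh scan"; sid:9000003; rev:1;)
alert tls $HOME_NET any -> $EXTERNAL_NET 443 (msg:"EXAMPLE self-signed cert"; sid:9000004; rev:1;)
"""


def parse_rules(text):
    """Return {sid: {"msg", "rev", "enabled", "action"}} for every rule line."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line, plain comment, or something we do not parse
        opts = {k: v.strip('"') for k, v in OPT_RE.findall(m.group("options"))}
        if "sid" not in opts:
            continue  # a rule without a SID cannot be tracked across sources
        rules[int(opts["sid"])] = {
            "msg": opts.get("msg", ""),
            "rev": int(opts.get("rev", "0")),
            "enabled": m.group("disabled") is None,
            "action": m.group("action"),
        }
    return rules


def compare_rulesets(text_a, text_b):
    """Summarise how two rule files differ, keyed by SID."""
    a, b = parse_rules(text_a), parse_rules(text_b)
    common = set(a) & set(b)
    return {
        "only_in_a": sorted(set(a) - set(b)),
        "only_in_b": sorted(set(b) - set(a)),
        "rev_differs": sorted(s for s in common if a[s]["rev"] != b[s]["rev"]),
        "enabled_differs": sorted(s for s in common if a[s]["enabled"] != b[s]["enabled"]),
    }


if __name__ == "__main__":
    for key, sids in compare_rulesets(RULES_A, RULES_B).items():
        print(f"{key}: {sids}")
```

Run it against the real files (for example the suricata-update output and the rules directory OPNsense writes) by reading them in place of `RULES_A` and `RULES_B`; a non-empty `only_in_a` list is exactly the set of signatures the reply refers to, and `enabled_differs` catches the quieter case where both sources ship a SID but one has it commented out.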