Suricata Multi Select and Change

Stefan · March 08, 2018, 03:20:30 PM

Is there a way to select multiple rules and change them all, as a group, from Alert to Drop without having to change them one at a time? Such as, there are 302 netbios rules I want to change to drop. That will take an hour or more to do manually. Likewise with our groupings; malware, OSX, etc.

Ciprian · March 09, 2018, 11:18:54 AM

Me too! :)

SecAficionado · March 13, 2018, 02:47:28 AM

Yes, that would be great to add!

dcol · March 14, 2018, 04:45:43 PM

A better rules management system would be nice. I am sure it will come eventually. But from my perspective, it will probably require a total IDS GUI rewrite. Would be nice to know if something is in the works.

Suricata Multi Select and Change

Stefan

March 08, 2018, 03:20:30 PM

Ciprian

March 09, 2018, 11:18:54 AM #1

SecAficionado

March 13, 2018, 02:47:28 AM #2

dcol

March 14, 2018, 04:45:43 PM #3