diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:43:34 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:43:34 +0000 |
| commit | 0fcce96a175531ec6042cde1b11a0052aa261dd5 (patch) | |
| tree | 898a1e161c4984b41e6a732866bd73b24f0f7b7a /suricata/update/configs/modify.conf | |
| parent | Initial commit. (diff) | |
| download | suricata-update-0fcce96a175531ec6042cde1b11a0052aa261dd5.tar.xz suricata-update-0fcce96a175531ec6042cde1b11a0052aa261dd5.zip | |
Adding upstream version 1.3.2.upstream/1.3.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'suricata/update/configs/modify.conf')
| -rw-r--r-- | suricata/update/configs/modify.conf | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/suricata/update/configs/modify.conf b/suricata/update/configs/modify.conf new file mode 100644 index 0000000..70bfb3e --- /dev/null +++ b/suricata/update/configs/modify.conf @@ -0,0 +1,24 @@ +# suricata-update - modify.conf + +# Format: <sid> "<from>" "<to>" + +# Example changing the seconds for rule 2019401 to 3600. +# 2019401 "seconds \d+" "seconds 3600" +# +# Example converting all alert rules to drop: +# re:. ^alert drop +# +# Example converting all drop rules with noalert back to alert: +# re:. "^drop(.*)noalert(.*)" "alert\\1noalert\\2" + +# Change all trojan-activity rules to drop. Its better to setup a +# drop.conf for this, but this does show the use of back references. +# re:classtype:trojan-activity "(alert)(.*)" "drop\\2" + +# For compatibility, most Oinkmaster modifysid lines should work as +# well. +# modifysid * "^drop(.*)noalert(.*)" | "alert${1}noalert${2}" + +# Add metadata. +#metadata-add re:"SURICATA STREAM" "evebox-action" "archive" +#metadata-add 2010646 "evebox-action" "archive"
\ No newline at end of file |