authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 17:43:34 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 17:43:34 +0000
commit0fcce96a175531ec6042cde1b11a0052aa261dd5 (patch)
tree898a1e161c4984b41e6a732866bd73b24f0f7b7a /suricata/update/configs/modify.conf
parentInitial commit. (diff)
Adding upstream version 1.3.2.upstream/1.3.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'suricata/update/configs/modify.conf')
-rw-r--r--suricata/update/configs/modify.conf24
1 files changed, 24 insertions, 0 deletions
diff --git a/suricata/update/configs/modify.conf b/suricata/update/configs/modify.conf
new file mode 100644
index 0000000..70bfb3e
--- /dev/null
+++ b/suricata/update/configs/modify.conf
@@ -0,0 +1,24 @@
+# suricata-update - modify.conf
+
+# Format: <sid> "<from>" "<to>"
+
+# Example changing the seconds for rule 2019401 to 3600.
+# 2019401 "seconds \d+" "seconds 3600"
+#
+# Example converting all alert rules to drop:
+# re:. ^alert drop
+#
+# Example converting all drop rules with noalert back to alert:
+# re:. "^drop(.*)noalert(.*)" "alert\\1noalert\\2"
+
+# Change all trojan-activity rules to drop. Its better to setup a
+# drop.conf for this, but this does show the use of back references.
+# re:classtype:trojan-activity "(alert)(.*)" "drop\\2"
+
+# For compatibility, most Oinkmaster modifysid lines should work as
+# well.
+# modifysid * "^drop(.*)noalert(.*)" | "alert${1}noalert${2}"
+
+# Add metadata.
+#metadata-add re:"SURICATA STREAM" "evebox-action" "archive"
+#metadata-add 2010646 "evebox-action" "archive" \ No newline at end of file
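Review bot: The header `# Format: <sid> "<from>" "<to>"` understates the syntax the examples below rely on: `<from>` is treated as a regular expression (the first example uses `\d+`), and the `<sid>` field can also be `re:<pattern>` to select rules by matching their text, or `metadata-add` for the last two examples. A reader who only sees the header will write a literal `<from>` and be surprised by regex metacharacters such as `.` or `(`. I would extend the header to `# Format: <sid>|re:<pattern> "<from-regex>" "<to>"` and add a line `# <from> is a regular expression; escape literal metacharacters.`. The comment in the trojan-activity example would also read better as `It's better to set up a drop.conf for this`, and the file should end with a newline as the hunk notes it does not.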