From 0fcce96a175531ec6042cde1b11a0052aa261dd5 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 19:43:34 +0200
Subject: Adding upstream version 1.3.2.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 suricata/update/configs/modify.conf | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 suricata/update/configs/modify.conf

(limited to 'suricata/update/configs/modify.conf')

diff --git a/suricata/update/configs/modify.conf b/suricata/update/configs/modify.conf
new file mode 100644
index 0000000..70bfb3e
--- /dev/null
+++ b/suricata/update/configs/modify.conf
@@ -0,0 +1,24 @@
+# suricata-update - modify.conf
+
+# Format: <sid> "<from>" "<to>"
+
+# Example changing the seconds for rule 2019401 to 3600.
+# 2019401 "seconds \d+" "seconds 3600"
+#
+# Example converting all alert rules to drop:
+# re:. ^alert drop
+#
+# Example converting all drop rules with noalert back to alert:
+# re:. "^drop(.*)noalert(.*)" "alert\\1noalert\\2"
+
+# Change all trojan-activity rules to drop. Its better to setup a
+# drop.conf for this, but this does show the use of back references.
+# re:classtype:trojan-activity "(alert)(.*)" "drop\\2"
+
+# For compatibility, most Oinkmaster modifysid lines should work as
+# well.
+# modifysid * "^drop(.*)noalert(.*)" | "alert${1}noalert${2}"
+
+# Add metadata.
+#metadata-add re:"SURICATA STREAM" "evebox-action" "archive"
+#metadata-add 2010646 "evebox-action" "archive"
\ No newline at end of file
-- 
cgit v1.2.3