Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-10-26 18:24:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
tpotce/docker/suricata
History
Andrea De Pasquale 620a909657 Suricata: improve setup/config for ETPRO ruleset 
PROBLEM (see #487)
- ET rule files start with the "emerging-*" prefix;
- ETPRO rule files do not start with that prefix.

SOLUTION
Concatenate all rule files, with the exception of "*disabled.rules",
into a single rule file at "/etc/suricata/rules/tpotce.rules"

I have left as-is the "sed" command that enables all commented-out
rules. Since that is usually done for performance reasons, maybe it
could be turned into a configuration option like the OINKCODE.

Another thing worth considering is to use "suricata-update" instead:
https://suricata-update.readthedocs.io/en/latest/quickstart.html
2020-11-25 15:27:01 +01:00
..
dist Suricata: improve setup/config for ETPRO ruleset 2020-11-25 15:27:01 +01:00
docker-compose.yml continue pin / prep images ghcr 2020-09-04 12:37:28 +00:00
Dockerfile Suricata: improve setup/config for ETPRO ruleset 2020-11-25 15:27:01 +01:00
Dockerfile.from.source cleanup 2020-02-27 10:35:50 +00:00