tpotce/docker/suricata/dist
Andrea De Pasquale 620a909657 Suricata: improve setup/config for ETPRO ruleset
PROBLEM (see #487)
- ET rule files start with the "emerging-*" prefix;
- ETPRO rule files do not start with that prefix.

SOLUTION
Concatenate all rule files, with the exception of "*disabled.rules",
into a single rule file at "/etc/suricata/rules/tpotce.rules"

I have left as-is the "sed" command that enables all commented-out
rules. Since that is usually done for performance reasons, maybe it
could be turned into a configuration option like the OINKCODE.

Another thing worth considering is to use "suricata-update" instead:
https://suricata-update.readthedocs.io/en/latest/quickstart.html
2020-11-25 15:27:01 +01:00
capture-filter.bpf   add DockerHub back in cap filter                    2020-09-08 10:45:58 -07:00
null.bpf             tweaking                                            2018-05-23 13:02:19 +00:00
suricata.yaml        Suricata: improve setup/config for ETPRO ruleset    2020-11-25 15:27:01 +01:00
update.sh            Suricata: improve setup/config for ETPRO ruleset    2020-11-25 15:27:01 +01:00