Feature #2270
closed
Suricata-update: support profiles
Description
Our sensors are running in different environments.
We would like to be able to create profiles; the profile to use should be passed on the command line.
Each profile could use different configuration rules to enable/disable/modify different sets of rules.
Updated by Victor Julien about 7 years ago
- Project changed from Suricata to Suricata-Update
Updated by Victor Julien over 5 years ago
If all of the options could be controlled by the yaml, simply specifying a different yaml would count as a profile I guess? Not sure if there are things currently that can't be controlled through the yaml.
Updated by Jason Ish over 5 years ago
Victor Julien wrote:
> If all of the options could be controlled by the yaml, simply specifying a different yaml would count as a profile I guess? Not sure if there are things currently that can't be controlled through the yaml.
I don't think there is anything that can't be controlled by the configuration file. There may have been, pre-1.0 when this bug was created, but yes, using a configuration file should be able to override everything.
I guess one issue when "profiles" are discussed is that it might be hard to share a "base" configuration. But I'm not sure if this is in scope of Suricata-Update, probably better for the orchestration tools built around it. The most I'd consider is a way to include files into others, for example, disable.conf could include another disable.conf, which could serve as the base configuration. This could give you some level of inheritance between configurations, and is rather simple to develop and maintain on our end.
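The include idea from the last comment, sketched as a preprocessor an orchestration tool could run before calling suricata-update. This is an added example, not Suricata-Update code: the `include` directive, the file names and the sample matchers are assumptions constructed for illustration.

```python
import os
import tempfile

INCLUDE = "include "  # hypothetical directive; Suricata-Update does not define it


def flatten(path, _stack=()):
    """Return the matchers of `path` with includes expanded, base entries first."""
    real = os.path.realpath(path)
    if real in _stack:
        # A file that (indirectly) includes itself would otherwise recurse forever.
        raise ValueError("include cycle: " + " -> ".join(_stack + (real,)))
    out = []
    with open(real, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if line.startswith(INCLUDE):
                # Relative includes resolve against the including file.
                target = os.path.join(os.path.dirname(real), line[len(INCLUDE):].strip())
                out.extend(flatten(target, _stack + (real,)))
            else:
                out.append(line)
    # Drop duplicates while keeping first-seen order.
    return list(dict.fromkeys(out))


def demo():
    """Write constructed sample files; return (flattened profile, cycle detected)."""
    files = {
        "base-disable.conf": "# shared by every sensor\n2019401\ngroup:emerging-icmp.rules\n",
        "dmz-disable.conf": "include base-disable.conf\nre:heartbleed\n2019401\n",
        "loop-disable.conf": "include loop-disable.conf\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in files.items():
            with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        merged = flatten(os.path.join(d, "dmz-disable.conf"))
        try:
            flatten(os.path.join(d, "loop-disable.conf"))
            cycle = False
        except ValueError:
            cycle = True
    return merged, cycle


if __name__ == "__main__":
    print(demo())
```

The flattened list can be written to a per-profile file and handed to suricata-update with `--disable-conf`, so each sensor still receives one plain file it can audit.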