Support #2431: Change priority - Suricata - Open Information Security Foundation

Actions

Copy link

Support #2431

closed

Change priority

Added by Roman Karpyuk almost 7 years ago. Updated almost 7 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Affected Versions:

Label:

Description

Dear colleagues,
can I change priority for set of rules or change type of action from "alert" to "drop" for all rules, for example, in file "mobile_malware.rules".
I use oinkmaster. Suricata 4.0.3.

Thanks.

Actions

Copy link

Updated by Andreas Herz almost 7 years ago

Assignee set to Anonymous
Target version set to Support

Actions

Copy link

Updated by Victor Julien almost 7 years ago

See http://suricata.readthedocs.io/en/latest/rule-management/oinkmaster.html

You'd add something like:

modifysid mobile_malware.rules "alert" | "drop"

Actions

Copy link

Updated by Roman Karpyuk almost 7 years ago

I modify rules by sids every day but I haven't known that I can write like this "modifysid mobile_malware.rules ...".
Thanks alot for your hint.

Actions

Copy link

Updated by Victor Julien almost 7 years ago

Status changed from New to Closed

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Support #2431

Change priority

Updated by Andreas Herz almost 7 years ago

Updated by Victor Julien almost 7 years ago

Updated by Roman Karpyuk almost 7 years ago

Updated by Victor Julien almost 7 years ago