Project

General

Profile

Actions
Copy link

Support #2431

closed
RK

Change priority

Support #2431: Change priority

Added by Roman Karpyuk about 8 years ago. Updated about 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
Label:

Description

Dear colleagues,
can I change priority for set of rules or change type of action from "alert" to "drop" for all rules, for example, in file "mobile_malware.rules".
I use oinkmaster. Suricata 4.0.3.

Thanks.

AH Updated by Andreas Herz about 8 years ago Actions
Copy link
 #1

  • Assignee set to Anonymous
  • Target version set to Support

VJ Updated by Victor Julien about 8 years ago Actions
Copy link
 #2

See http://suricata.readthedocs.io/en/latest/rule-management/oinkmaster.html

You'd add something like:

modifysid mobile_malware.rules "alert" | "drop"

RK Updated by Roman Karpyuk about 8 years ago Actions
Copy link
 #3

I modify rules by sids every day but I haven't known that I can write like this "modifysid mobile_malware.rules ...".
Thanks alot for your hint.

VJ Updated by Victor Julien about 8 years ago Actions
Copy link
 #4

  • Status changed from New to Closed
Actions
Copy link

Also available in: PDF Atom