Added by Darren pierre about 6 years ago. Updated over 5 years ago.
Description
Suricata-update merging local rules without trying to fetch rules from sources
Can you explain what you mean? It's not clear to me what you're requesting.
Victor Julien wrote:
Can you explain what you mean? It's not clear to me what you're requesting.
Is there some way I can use suricata-update just for merging rules from my local machine without suricata-update trying to fetch rules from a url?
Like an offload mode? Use what it has cached instead of reaching out for an update? This is not an option now, but probably should be.
Jason Ish wrote:
Like an offload mode? Use what it has cached instead of reaching out for an update? This is not an option now, but probably should be.
yes some sort of offload mode , uses what it has cached locally and merges all the rules files specified into a new suricata.rules or specified rules file .Do you have any some kind of work around solution for this?
Oops. Meant to say offline mode.
Anyways, no. After it does go online once there is a 15 minute period where it will not. So repeated updates won't go online. But a code change will be required.