Optimization #3396

open

Safer defaults when faced with error / fallback

Added by Tiago F. over 4 years ago. Updated 10 months ago.

Status: Assigned
Priority: Normal
Target version:
Effort:
Difficulty:
Label:

Description

Hi,

I recently had a situation where:

- I had a noisy rule that I wanted to disable
- ET PRO was having an issue where one of their rules was failing to parse

Because of the ruleset problem, suricata-update would fall back and use a previous good set of rules. This means, however, that changes made in local files (specifically disable.conf) would not be updated.

In my particular case, the solution would be for ET to fix the problem so that a new rules file could be created with the changes in local files.

Ideally, my local changes would find a way into the rules EVEN if a ruleset is failing to parse (I don't know what the behavior is in case of a failure to download).

suricata-update 1.1.0
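
A check for the condition described in this report, added here as an example (it is not part of the original issue or of suricata-update): it compares the SIDs listed in disable.conf with the generated rules file and reports any that are still enabled, which is the symptom when the fallback reuses an older rule set. It assumes disabled rules appear commented out in the output file and handles only plain `sid` and `gid:sid` entries; the function names and sample data are constructed.

```python
import re

# Matches "2019401" or "1:2019401"; re:/group: style entries are skipped
# by this check (assumption: only explicit SIDs need verifying).
SID_ENTRY = re.compile(r"^(?:(\d+):)?(\d+)$")
SID_OPT = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
GID_OPT = re.compile(r"\bgid\s*:\s*(\d+)\s*;")

def parse_disable_conf(text):
    """Return the set of (gid, sid) pairs listed in disable.conf text."""
    wanted = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = SID_ENTRY.match(line)
        if m:
            wanted.add((int(m.group(1) or 1), int(m.group(2))))
    return wanted

def active_rules(text):
    """Return (gid, sid) for every rule line that is not commented out."""
    active = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        sid = SID_OPT.search(line)
        if sid:
            gid = GID_OPT.search(line)
            active.add((int(gid.group(1)) if gid else 1, int(sid.group(1))))
    return active

def stale_disables(disable_conf_text, rules_text):
    """Entries in disable.conf that are still enabled in the rules output."""
    return sorted(parse_disable_conf(disable_conf_text) & active_rules(rules_text))

# Constructed sample input (not real ET PRO rules or SIDs).
SAMPLE_DISABLE = "# noisy rule\n1:9000001\n9000002\nre:heartbleed\n"
SAMPLE_RULES = (
    'alert tcp any any -> any any (msg:"constructed noisy"; sid:9000001; rev:1;)\n'
    '# alert tcp any any -> any any (msg:"constructed quiet"; sid:9000002; rev:1;)\n'
    'alert tcp any any -> any any (msg:"constructed other"; sid:9000003; rev:2;)\n'
)

if __name__ == "__main__":
    for gid, sid in stale_disables(SAMPLE_DISABLE, SAMPLE_RULES):
        print(f"disable.conf lists {gid}:{sid} but it is still active")
```

Run after each update against the real disable.conf and the generated rules file; any reported entry means the local change did not reach the rules Suricata is loading.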

Actions #1

Updated by Shivani Bhardwaj about 4 years ago

  • Status changed from New to Assigned

Actions #2

Updated by Jason Ish over 2 years ago

In this case, was Suricata-Update failing or was it the Suricata test phase that was failing? I'm wondering if --no-test would have been a workaround for this case.

Actions #3

Updated by Philippe Antoine 10 months ago

  • Target version set to 1.3.0

Actions #4

Updated by Shivani Bhardwaj 10 months ago

  • Target version changed from 1.3.0 to TBD