Actions
Support #3499
closedConfiguring rules for IDS/IPS
Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
Label:
Description
Hello,
so I'm trying to use Suricata as an IDS/IPS but do not know if I should disable all rules and create custom rules but if so, how do I do it?
thank you
Updated by Victor Julien over 4 years ago
- Tracker changed from Task to Support
- Priority changed from High to Normal
Updated by Andreas Herz over 4 years ago
You can use suricata-update to manage rulesets. What you want to enable or disable depends on what you want to achieve. See https://suricata.readthedocs.io/en/latest/rule-management/index.html for more details about suricata-update.
Actions