Feature #4136
openuse Suricata-Update managed classification.config
Description
Since Suricata-Update 1.2.0 it can manage the classification.config. By default Suricata won't use this yet.
Updated by Victor Julien about 4 years ago
- Project changed from Suricata-Update to Suricata
- Assignee changed from Shivani Bhardwaj to OISF Dev
- Target version set to 7.0.0-beta1
Updated by Victor Julien over 3 years ago
- Assignee changed from OISF Dev to Juliana Fajardini Reichow
Updated by Jason Ish over 3 years ago
- Assignee changed from Juliana Fajardini Reichow to Jason Ish
Updated by Jason Ish about 3 years ago
- Assignee changed from Jason Ish to Shivani Bhardwaj
Most ./configure updates. If Suricata-Update is bundled, use the location that SU outputs to, otherwise use the current default.
Updated by Shivani Bhardwaj almost 3 years ago
- Status changed from New to Assigned
- Priority changed from Normal to High
Updated by Shivani Bhardwaj almost 3 years ago
- Status changed from Assigned to In Review
Updated by Victor Julien about 2 years ago
- Target version changed from 7.0.0-beta1 to 8.0.0-beta1
Updated by Jason Ish about 2 years ago
@Victor Julien Do you think its too late to get this into 7.0 rc?
I'm a little hesitant to just do the simple swap of loading "/var/lib/suricata/rules/classification.config" instead of "/etc/suricata/classification.config". I think we need something a little more fail proof. Like:
- load /var/lib/suricata/rules/classification.config
- load /usr/share/suricata/classification.config (this already exists with 7.0)
- if exists, load /etc/suricata/classification.config replacing existing classifications. This allows users the ability to override priorities and such.
Suricata has enough context to know what to do in the majority of the uses cases that the classification file could be removed from suricata.yaml
.
Updated by Shivani Bhardwaj over 1 year ago
- Status changed from In Review to Assigned
Updated by Shivani Bhardwaj about 1 year ago
- Priority changed from High to Normal