Suricata Inline Priority and SID mgmt
Hello,
The Suricata Alert log contains the rule's "Priority" field; however, when I click on a rule's SID to view the details, there isn't any priority value.
i.e.:
alert pkthdr any any -> any any (msg:"SURICATA IPv4 packet too small"; decode-event:ipv4.pkt_too_small; sid:2200000; rev:1;)
What if my goal is to change all Priority 1 rules to the block state using SID mgmt? How should I do that? How can I review the changed rules?
Thank you!
Mind12