Suricata Select all and change all in a given category??
-
Hi there
@bmeeks Can we somehow add an option to change multiple rules to drop by select all and change action?? That would save a bunch of manual work.
-
Sorry, but no. That feature is not something that makes much sense to me. If you want to modify lots and lots of rules, then use the SID MGMT tab features. That tab is tailor-made for the task.
I have been asked about it before and I gave the same answer then. A feature like that is not on my list. The PHP code necessary behind the scenes to keep track of possibly hundreds of checked parameters across a $_POST session call is burdensome and would be prone to errors.
The idea behind the RULES tab is to let you modify just a handful of rules here and there. For large-scale rule mods, use the SID MGMT tab and the accompanying custom SID.conf files.
-
@bmeeks said in Suricata Select all and change all in a given category??:
> Sorry, but no. That feature is not something that makes much sense to me. If you want to modify lots and lots of rules, then use the SID MGMT tab features. That tab is tailor-made for the task.
> I have been asked about it before and I gave the same answer then. A feature like that is not on my list. The PHP code necessary behind the scenes to keep track of possibly hundreds of checked parameters across a $_POST session call is burdensome and would be prone to errors.
> The idea behind the RULES tab is to let you modify just a handful of rules here and there. For large-scale rule mods, use the SID MGMT tab and the accompanying custom SID.conf files.

Thanks B. Would SID mgmt be a local issue or download lists available online and therefore be a potential security risk?
-
@Cool_Corona said in Suricata Select all and change all in a given category??:
> @bmeeks said in Suricata Select all and change all in a given category??:
> > Sorry, but no. That feature is not something that makes much sense to me. If you want to modify lots and lots of rules, then use the SID MGMT tab features. That tab is tailor-made for the task.
> > I have been asked about it before and I gave the same answer then. A feature like that is not on my list. The PHP code necessary behind the scenes to keep track of possibly hundreds of checked parameters across a $_POST session call is burdensome and would be prone to errors.
> > The idea behind the RULES tab is to let you modify just a handful of rules here and there. For large-scale rule mods, use the SID MGMT tab and the accompanying custom SID.conf files.
>
> Thanks B. Would SID mgmt be a local issue or download lists available online and therefore be a potential security risk?

SID MGMT makes use of text-based configuration files modelled after those used with PulledPork. Using selection features in the conf files lets you choose rules using several different criteria. You can then modify a rule's content, action or state ('enabled' or 'disabled').
There is a sticky post at the top of this forum describing the feature and how to use it. Here is a link: https://forum.netgate.com/topic/128480/how-automatic-sid-management-and-user-rule-overrides-work-in-snort-and-suricata.
Enable SID MGMT on that tab and then open and read through the provided sample config files. They have comments inside and examples.
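
As an added illustration (not part of the original posts and not the package's PHP code), this Python sketch models the idea in the last reply: a local text file of selectors picks rules by category, GID:SID or regex and switches their action to drop. The rules, category names and the exact selector syntax here are constructed assumptions; the sample conf files on the SID MGMT tab are the authority for the real syntax.

```python
import re

# Constructed sample rules, grouped by category (rules file) name.
RULES = {
    "emerging-malware": [
        'alert http any any -> any any (msg:"Example beacon"; sid:2000001; rev:1;)',
        'alert dns any any -> any any (msg:"Example DNS lookup"; sid:2000002; rev:1;)',
    ],
    "emerging-scan": [
        'alert tcp any any -> any 22 (msg:"Example SSH scan"; sid:2000101; rev:1;)',
        '# alert tcp any any -> any 23 (msg:"Example telnet scan"; sid:2000102; rev:1;)',
    ],
}

def parse_conf(text):
    """Return the selectors in a conf file: comma-separated, '#' starts a comment."""
    selectors = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        selectors += [s.strip() for s in line.split(",") if s.strip()]
    return selectors

def matches(selector, category, rule):
    """True if one selector (pcre:, GID:SID or category name) picks this rule."""
    if selector.startswith("pcre:"):
        return re.search(selector[5:], rule) is not None
    gid_sid = re.fullmatch(r"(\d+):(\d+)", selector)
    if gid_sid:
        gid = re.search(r"\bgid:\s*(\d+);", rule)
        sid = re.search(r"\bsid:\s*(\d+);", rule)
        rule_gid = gid.group(1) if gid else "1"  # rules without gid use generator 1
        return bool(sid) and (rule_gid, sid.group(1)) == gid_sid.groups()
    return selector == category

def apply_drop(selectors, rules=RULES):
    """Return a copy of the rules with every selected, enabled rule set to drop."""
    result = {}
    for category, lines in rules.items():
        result[category] = []
        for rule in lines:
            enabled = not rule.lstrip().startswith("#")  # assumption: skip disabled rules
            if enabled and any(matches(s, category, rule) for s in selectors):
                rule = re.sub(r"^\s*alert\b", "drop", rule, count=1)
            result[category].append(rule)
    return result

if __name__ == "__main__":
    conf = "emerging-malware   # whole category\n1:2000101           # one rule\n"
    for category, lines in apply_drop(parse_conf(conf)).items():
        print(category, *lines, sep="\n  ")
```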