SID Mgmt - block change Action

Gblenn

I'm still very much in learning mode here, but figured out how to use SID Mgmt to change Action on a complete list, like emerging-tor.rules or ALL the emerging rules lists...

Say for example I have the following in the Drop SID List
emerging
feodotracker.rules
sslblacklist_tls_cert.rules

This will change all of the 50+ emerging threats lists and the related rules from Alert to Drop. But if I wanted to keep some of the lists, like emerging-info.rules, at the default Action (Alert). How would I do that in a simple way?

I can't figure out a syntax that would affect all emerging except for example emerging-info, -smtp and -ftp??

bmeeks

Put in the full rule category names. There are not that many of them. No need to try to do wildcard matching. It will take a few minutes to paste them in, but then its done and you don't need to touch it again.

Gblenn

@bmeeks I was afraid you were going to say that...
It is in fact 50 plus different lists so I was hoping for something smoother... Perhaps I can find the complete list, with all of them so that I can just cut and paste...

[EDIT] The list is of course in the LAN Categories tab, and can easily be used for copy paste into the SID Mgmt files