Project

General

Profile

Actions
Copy link

Optimization #3396

open

Safer defaults when faced with error / fallback

Added by Tiago F. almost 5 years ago. Updated over 1 year ago.

Status:
Assigned
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
TBD
Effort:
Difficulty:
Label:

Description

Hi,

I recently had a situations where:

- Had a noisy rule that wanted to disable
- ET PRO was having an issue where one of their rules were failing to parse

Because of the ruleset problem, suricata-update would fallback and use a previous good set of rules. This means, however, that changes made in local files (specifically disable.conf) would not be updated.

In my particular case, the solution would be for ET to fix the problem so that a new rules file could be created with the changes in local files.

Ideally, my local changes would find a way into rules EVEN if a ruleset is failing to parse (don't know what's the behavior in case of failure to download).

suricata-update 1.1.0

Actions
Copy link
 #1

Updated by Shivani Bhardwaj over 4 years ago

  • Status changed from New to Assigned
Actions
Copy link
 #2

Updated by Jason Ish almost 3 years ago

In this case was Suricata-Update failing or was it the Suricata test phase that was failing. I'm wondering if --no-test would have been a work-around for this case.

Actions
Copy link
 #3

Updated by Philippe Antoine over 1 year ago

  • Target version set to 1.3.0
Actions
Copy link
 #4

Updated by Shivani Bhardwaj over 1 year ago

  • Target version changed from 1.3.0 to TBD
Actions
Copy link

Also available in: Atom PDF