Optimization #3396: Safer defaults when faced with error / fallback - Suricata-Update - Open Information Security Foundation

Actions

Copy link

Optimization #3396

open

Safer defaults when faced with error / fallback

Added by Tiago F. almost 5 years ago. Updated over 1 year ago.

Status:

Assigned

Priority:

Normal

Assignee:

Shivani Bhardwaj

Target version:

TBD

Effort:

Difficulty:

Label:

Description

Hi,

I recently had a situations where:

- Had a noisy rule that wanted to disable
- ET PRO was having an issue where one of their rules were failing to parse

Because of the ruleset problem, suricata-update would fallback and use a previous good set of rules. This means, however, that changes made in local files (specifically disable.conf) would not be updated.

In my particular case, the solution would be for ET to fix the problem so that a new rules file could be created with the changes in local files.

Ideally, my local changes would find a way into rules EVEN if a ruleset is failing to parse (don't know what's the behavior in case of failure to download).

suricata-update 1.1.0

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata » Suricata-Update

Optimization #3396

Safer defaults when faced with error / fallback

Updated by Shivani Bhardwaj over 4 years ago

Updated by Jason Ish almost 3 years ago

Updated by Philippe Antoine over 1 year ago

Updated by Shivani Bhardwaj over 1 year ago