Suricata: use suricata-update for rule management
As a bonus, "suricata-update" can now be run via docker exec, which triggers both a rule update and a Suricata rule reload.
71
docker/suricata/dist/suricata.yaml
@ -1061,7 +1061,7 @@ host-mode: auto
|
||||
# activated in live capture mode. You can use the filename variable to set
|
||||
# the file name of the socket.
|
||||
unix-command:
|
||||
enabled: no
|
||||
enabled: yes
|
||||
#filename: custom.socket
|
||||
|
||||
# Magic file. The extension .mgc is added to the value here.
|
||||
@ -1862,78 +1862,15 @@ napatech:
|
||||
## Configure Suricata to load Suricata-Update managed rules.
|
||||
##
|
||||
|
||||
#default-rule-path: /var/lib/suricata/rules
|
||||
default-rule-path: /etc/suricata/rules
|
||||
|
||||
default-rule-path: /var/lib/suricata/rules
|
||||
rule-files:
|
||||
- botcc.rules
|
||||
- botcc.portgrouped.rules
|
||||
- ciarmy.rules
|
||||
- compromised.rules
|
||||
- drop.rules
|
||||
- dshield.rules
|
||||
- emerging-activex.rules
|
||||
- emerging-adware_pup.rules
|
||||
- emerging-attack_response.rules
|
||||
- emerging-chat.rules
|
||||
- emerging-coinminer.rules
|
||||
- emerging-current_events.rules
|
||||
- emerging-dns.rules
|
||||
- emerging-dos.rules
|
||||
- emerging-exploit.rules
|
||||
- emerging-exploit_kit.rules
|
||||
- emerging-ftp.rules
|
||||
- emerging-games.rules
|
||||
- emerging-hunting.rules
|
||||
- emerging-icmp_info.rules
|
||||
- emerging-icmp.rules
|
||||
- emerging-imap.rules
|
||||
- emerging-inappropriate.rules
|
||||
- emerging-info.rules
|
||||
- emerging-ja3.rules
|
||||
- emerging-malware.rules
|
||||
- emerging-misc.rules
|
||||
- emerging-mobile_malware.rules
|
||||
- emerging-netbios.rules
|
||||
- emerging-p2p.rules
|
||||
- emerging-phishing.rules
|
||||
- emerging-policy.rules
|
||||
- emerging-pop3.rules
|
||||
- emerging-rpc.rules
|
||||
- emerging-scada.rules
|
||||
- emerging-scan.rules
|
||||
- emerging-shellcode.rules
|
||||
- emerging-smtp.rules
|
||||
- emerging-snmp.rules
|
||||
- emerging-sql.rules
|
||||
- emerging-telnet.rules
|
||||
- emerging-tftp.rules
|
||||
# - emerging-trojan.rules
|
||||
- emerging-user_agents.rules
|
||||
- emerging-voip.rules
|
||||
- emerging-web_client.rules
|
||||
- emerging-web_server.rules
|
||||
- emerging-web_specific_apps.rules
|
||||
- emerging-worm.rules
|
||||
- tor.rules
|
||||
- decoder-events.rules # available in suricata sources under rules dir
|
||||
- stream-events.rules # available in suricata sources under rules dir
|
||||
- http-events.rules # available in suricata sources under rules dir
|
||||
- smtp-events.rules # available in suricata sources under rules dir
|
||||
- dns-events.rules # available in suricata sources under rules dir
|
||||
- tls-events.rules # available in suricata sources under rules dir
|
||||
- modbus-events.rules # available in suricata sources under rules dir
|
||||
- app-layer-events.rules # available in suricata sources under rules dir
|
||||
- dnp3-events.rules # available in suricata sources under rules dir
|
||||
- ntp-events.rules # available in suricata sources under rules dir
|
||||
- ipsec-events.rules # available in suricata sources under rules dir
|
||||
- kerberos-events.rules # available in suricata sources under rules dir
|
||||
- suricata.rules
|
||||
|
||||
##
|
||||
## Auxiliary configuration files.
|
||||
##
|
||||
|
||||
classification-file: /etc/suricata/rules/classification.config
|
||||
classification-file: /var/lib/suricata/rules/classification.config
|
||||
reference-config-file: /etc/suricata/reference.config
|
||||
# threshold-file: /etc/suricata/threshold.config
|
||||
|
||||
|
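Review bot: In the second hunk the explicit rule list (including the deliberately commented-out `# - emerging-trojan.rules`) is replaced by the single `- suricata.rules`, and that file will contain every rule from the sources suricata-update has enabled, so the previously excluded category comes back silently unless a `disable.conf` (by default `/etc/suricata/disable.conf`) tells suricata-update to drop it; the commit does not add one. The new `default-rule-path: /var/lib/suricata/rules` and `classification-file: /var/lib/suricata/rules/classification.config` also only exist after a first successful suricata-update run, so the container start order presumably has to guarantee that run happens before Suricata reads its config, otherwise Suricata comes up without rules. `reference-config-file` still points at `/etc/suricata/reference.config` while classification moved to `/var/lib` — worth confirming that is intended rather than an oversight. A comment above `rule-files:` such as `# populated by suricata-update; exclude categories via /etc/suricata/disable.conf, not by editing this list` would make the new contract visible to the next maintainer.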