Suricata: use suricata-update for rule management

As a bonus we can now run "suricata-update" using docker-exec,
triggering both a rule update and a Suricata rule reload.
This commit is contained in:
Andrea De Pasquale
2020-11-26 18:10:16 +01:00
parent 2ecef8c607
commit 87a27e4f2b
9 changed files with 39 additions and 98 deletions


@ -1061,7 +1061,7 @@ host-mode: auto
# activated in live capture mode. You can use the filename variable to set
# the file name of the socket.
unix-command:
enabled: no
enabled: yes
#filename: custom.socket
# Magic file. The extension .mgc is added to the value here.
@ -1862,78 +1862,15 @@ napatech:
## Configure Suricata to load Suricata-Update managed rules.
##
#default-rule-path: /var/lib/suricata/rules
default-rule-path: /etc/suricata/rules
default-rule-path: /var/lib/suricata/rules
rule-files:
- botcc.rules
- botcc.portgrouped.rules
- ciarmy.rules
- compromised.rules
- drop.rules
- dshield.rules
- emerging-activex.rules
- emerging-adware_pup.rules
- emerging-attack_response.rules
- emerging-chat.rules
- emerging-coinminer.rules
- emerging-current_events.rules
- emerging-dns.rules
- emerging-dos.rules
- emerging-exploit.rules
- emerging-exploit_kit.rules
- emerging-ftp.rules
- emerging-games.rules
- emerging-hunting.rules
- emerging-icmp_info.rules
- emerging-icmp.rules
- emerging-imap.rules
- emerging-inappropriate.rules
- emerging-info.rules
- emerging-ja3.rules
- emerging-malware.rules
- emerging-misc.rules
- emerging-mobile_malware.rules
- emerging-netbios.rules
- emerging-p2p.rules
- emerging-phishing.rules
- emerging-policy.rules
- emerging-pop3.rules
- emerging-rpc.rules
- emerging-scada.rules
- emerging-scan.rules
- emerging-shellcode.rules
- emerging-smtp.rules
- emerging-snmp.rules
- emerging-sql.rules
- emerging-telnet.rules
- emerging-tftp.rules
# - emerging-trojan.rules
- emerging-user_agents.rules
- emerging-voip.rules
- emerging-web_client.rules
- emerging-web_server.rules
- emerging-web_specific_apps.rules
- emerging-worm.rules
- tor.rules
- decoder-events.rules # available in suricata sources under rules dir
- stream-events.rules # available in suricata sources under rules dir
- http-events.rules # available in suricata sources under rules dir
- smtp-events.rules # available in suricata sources under rules dir
- dns-events.rules # available in suricata sources under rules dir
- tls-events.rules # available in suricata sources under rules dir
- modbus-events.rules # available in suricata sources under rules dir
- app-layer-events.rules # available in suricata sources under rules dir
- dnp3-events.rules # available in suricata sources under rules dir
- ntp-events.rules # available in suricata sources under rules dir
- ipsec-events.rules # available in suricata sources under rules dir
- kerberos-events.rules # available in suricata sources under rules dir
- suricata.rules
##
## Auxiliary configuration files.
##
classification-file: /etc/suricata/rules/classification.config
classification-file: /var/lib/suricata/rules/classification.config
reference-config-file: /etc/suricata/reference.config
# threshold-file: /etc/suricata/threshold.config