Jeff Geiger

icon indicating a website link http://jeffgeiger.com icon indicating an email [email protected]

icon location Nebraska

Results 4 issues of Jeff Geiger

Stub in ability to disable rules for `suricata-update`

1 comment

**Reasoning:** Provide a simple way for folks to disable noisy/useless rules "out of the box". **Necessary steps:** Add `/etc/suricata/disable.conf` on provision. Add `--disable-conf /etc/suricata/disable.conf` to the `suricata-update` cron job. **Nice...

enhancement

Add suricata-update log file when provisioned.

The file `/var/log/suricata-update.log` needs to be created with `suricata:suricata` permissions. Otherwise `suricata-update` cron fails.

bug

Document offline update procedures and considerations.

There's an opportunity here to also bundle in some scripts that can be used to pull updates and create the repo metadata so the `/srv/rocksnm` local repo can be updated...

enhancement
help wanted
needs docs

Extend the intel framework to add an ASN indicator type.

We're already adding ASN's to the `conn.log`, so it makes sense to add an indicator type to the Intel Framework to support it. I have the beginnings of this already....

enhancement