Are these settings deprecated?

1- To run Suricata-IDS in IPS mode, the drop.conf file must be created under the /etc/suricata/ directory with the following contents:

re: .

2- To enable or disable specific rules, enable.conf and disable.conf files must be created under the /etc/suricata/ directory and the SID or name of the desired rule should be inserted in that file(s).

Does the above steps work in the current version of Suricata-IDS?

Thank you.

Did you try before asking?

Thanks again.
Because of some Suricata-IDS problems, I can’t test them. I need to fix the current problems of Suricata-IDS first.

I think you should wait with creating another new topic then. It’s not useful to ask things w/o trying or w/o being able to try the suggestions you may receive.


Thank you for your advice.
But, you are a member of Suricata-IDS team, How do you not know?

What you describe is current with our documentation. So you should try first, if you hit an error, then describe the issue.

1 Like