Dataset rules not triggering at all

AntoninHL · December 7, 2023, 2:50pm

Hi teams,

I try to use dataset with rules.

I created a specific rule using dataset.

I have double check that each line contains only the datasets base64 string and nothing else - no spaces at the end of the line,tabs,carriage returns etc …

But no alert raised with this rule…
It works with basic rules not using dataset…

Any idea?

Thanks

Antonin

sbhardwaj · December 8, 2023, 7:45am

Hi @AntoninHL ! Welcome to our forum!
Could you please share the rules and if possible a pcap which you’d expect them to alert on?
Also, the Suricata version that you’re running.

vjulien · December 8, 2023, 6:35pm

There are working examples in our regression test suite, e.g.

Topic		Replies	Views
Can't trigger custom rules Help	3	921	February 4, 2022
Cant trigger NFS rules if unit was already mounted Help	1	280	January 24, 2021
Alert triggered but nothing in the pcap Rules rules , suricata	2	330	September 19, 2022
Cannot get alerts from pcaps Help	6	2355	July 2, 2020
Test PCAP to trigger all built in classifications or rules Help	2	1821	May 26, 2020

Dataset rules not triggering at all

Related Topics