Disable alert category?

What, if any, is the best way to delete an alert category?

thx
//

To word it better, I need to disable the alert category. Can I do that in ‘disable.conf’? If so, what is the proper syntax?

//

If it’s a specific filename you’d like to disable, you could add:

group: emerging-icmp.rules

to your disable.conf. Or if it’s all alerts with a specific msg prefix, you could do something like:

re: "SURICATA STREAM"

See suricata-update - Update — suricata-update 1.3.0dev0 documentation for more details.

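To make the two disable.conf forms above concrete, here is an added example (not part of the original thread, and not suricata-update's own code) that applies a small disable.conf to a handful of constructed rule lines and reports which sids end up commented out. It is a simplified re-implementation of how suricata-update evaluates `group:` (matched against the rule file name), `re:` (a regular expression searched against the raw rule text) and bare sid entries; the file names, sids and messages are made up for the demonstration, and the exact matching semantics of the real tool are an assumption here, so check the suricata-update documentation before relying on an edge case.

```python
import fnmatch
import os
import re

# Constructed sample rules: (file the rule came from, raw rule text).
# These are not real ET/Suricata signatures; sids are in a private range.
SAMPLE_RULES = [
    ("rules/emerging-icmp.rules",
     'alert icmp any any -> any any (msg:"EXAMPLE ICMP ping"; sid:9000001; rev:1;)'),
    ("rules/emerging-icmp.rules",
     'alert icmp any any -> any any (msg:"EXAMPLE ICMP unreachable"; sid:9000002; rev:1;)'),
    ("rules/stream-events.rules",
     'alert tcp any any -> any any (msg:"SURICATA STREAM 3way handshake wrong seq"; sid:9000003; rev:1;)'),
    ("rules/stream-events.rules",
     'alert tcp any any -> any any (msg:"SURICATA STREAM reassembly overlap"; sid:9000004; rev:1;)'),
    ("rules/emerging-web.rules",
     'alert http any any -> any any (msg:"EXAMPLE WEB suspicious path"; sid:9000005; rev:1;)'),
    ("rules/emerging-web.rules",
     'alert http any any -> any any (msg:"EXAMPLE WEB login brute force"; sid:9000006; rev:1;)'),
]

# Constructed disable.conf using the forms from the thread plus a bare sid.
DISABLE_CONF = """
# Disable every rule that came from a given file (the "alert category").
group: emerging-icmp.rules

# Disable every rule whose text matches a regular expression.
re: "SURICATA STREAM"

# Disable one rule by sid.
9000005
"""

SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")


def parse_disable_conf(text):
    """Turn disable.conf-style text into a list of (kind, value) matchers."""
    matchers = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("group:"):
            matchers.append(("group", line[len("group:"):].strip()))
        elif line.startswith("re:"):
            pattern = line[len("re:"):].strip()
            if pattern.startswith('"') and pattern.endswith('"'):
                pattern = pattern[1:-1]
            matchers.append(("re", re.compile(pattern)))
        elif re.fullmatch(r"(\d+:)?\d+", line):
            # Accept both "2019401" and "1:2019401" (gid:sid) forms.
            matchers.append(("sid", int(line.split(":")[-1])))
        else:
            raise ValueError(f"unsupported disable.conf line: {line!r}")
    return matchers


def rule_matches(matcher, filename, raw):
    """Decide whether one matcher applies to one rule (assumed semantics)."""
    kind, value = matcher
    if kind == "group":
        # Match the full path or just the basename, so "emerging-icmp.rules"
        # hits "rules/emerging-icmp.rules"; fnmatch allows wildcards like "emerging-*".
        return (fnmatch.fnmatch(filename, value)
                or fnmatch.fnmatch(os.path.basename(filename), value))
    if kind == "re":
        return value.search(raw) is not None
    if kind == "sid":
        m = SID_RE.search(raw)
        return m is not None and int(m.group(1)) == value
    return False


def apply_disable_conf(conf_text, rules):
    """Return the rules, with '# ' prepended to every rule hit by a matcher."""
    matchers = parse_disable_conf(conf_text)
    result = []
    for filename, raw in rules:
        disabled = any(rule_matches(m, filename, raw) for m in matchers)
        result.append((filename, "# " + raw if disabled else raw))
    return result


def disabled_sids(conf_text, rules):
    """Sorted list of sids that the disable.conf would comment out."""
    return sorted(int(SID_RE.search(raw).group(1))
                  for _, raw in apply_disable_conf(conf_text, rules)
                  if raw.startswith("#"))


if __name__ == "__main__":
    for filename, raw in apply_disable_conf(DISABLE_CONF, SAMPLE_RULES):
        print(f"{filename}: {raw[:60]}")
    print("disabled sids:", disabled_sids(DISABLE_CONF, SAMPLE_RULES))
```

Running it shows both ICMP rules dropped by the `group:` entry, both STREAM rules dropped by the `re:` entry, sid 9000005 dropped by the bare sid line, and sid 9000006 left enabled. Note that `re:` is searched against the whole rule line, not only the msg, so a pattern that is too short can silence more than the category you meant; after editing disable.conf, diff the generated rules file against the previous one to confirm only the intended sids changed.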