What, if any, is the best way to delete an alert category?
thx
//
To word it better, I need to disable the alert category. can I do that in ‘disable.conf’? If so, what is the proper syntax?
//
If it's a specific filename you'd like to disable, you could add:
group: emerging-icmp.rules
to your disable.conf. Or if it's all alerts with a specific msg prefix you could do something like:
re: "SURICATA STREAM"
See the suricata-update documentation ("Update" page, suricata-update 1.3.0dev0) for more details.
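As an added illustration (not part of the thread and not suricata-update's own code), a small Python model of how the `group:`, `re:` and bare-sid entries in disable.conf select rules to disable. The sample rules, their SIDs and file names are constructed, and wildcard matching on `group:` is an assumption of this model.

```python
import fnmatch
import re
from dataclasses import dataclass

@dataclass
class Rule:
    sid: int
    group: str   # rule file the rule was loaded from, e.g. "emerging-icmp.rules"
    text: str    # full rule text

# Constructed sample ruleset (SIDs and messages are made up for this example).
RULES = [
    Rule(9000001, "emerging-icmp.rules",
         'alert icmp any any -> any any (msg:"EXAMPLE ICMP ping"; sid:9000001; rev:1;)'),
    Rule(9000002, "stream-events.rules",
         'alert tcp any any -> any any (msg:"SURICATA STREAM wrong seq"; sid:9000002; rev:1;)'),
    Rule(9000003, "http-events.rules",
         'alert http any any -> any any (msg:"EXAMPLE HTTP odd header"; sid:9000003; rev:1;)'),
]

# Constructed disable.conf using the three entry kinds from the answer above.
DISABLE_CONF = """
# disable a whole rule file
group: emerging-icmp.rules
# disable every rule whose text matches a regex
re: "SURICATA STREAM"
# disable one rule by sid
9000003
"""

def parse_disable_conf(conf):
    """Return (kind, value) matchers; blank lines and '#' comments are skipped."""
    matchers = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("group:"):
            matchers.append(("group", line[len("group:"):].strip()))
        elif line.startswith("re:"):
            matchers.append(("re", re.compile(line[len("re:"):].strip().strip('"'))))
        elif line.isdigit():
            matchers.append(("sid", int(line)))
        else:
            raise ValueError(f"unsupported disable.conf entry: {raw!r}")
    return matchers

def disabled_sids(rules, conf):
    """SIDs that at least one matcher selects (group: is treated as a shell-style glob)."""
    matchers = parse_disable_conf(conf)
    hit = {r.sid for r in rules for kind, v in matchers
           if (kind == "group" and fnmatch.fnmatch(r.group, v))
           or (kind == "re" and v.search(r.text))
           or (kind == "sid" and v == r.sid)}
    return sorted(hit)
```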