Disable download emerging.rules by default [Suricata 6.0.8]

Hi, everyone

I would like to know whether it is possible to disable downloading emerging.rules by default.

I have installed Suricata 6.0.8 via PPA in Ubuntu 20.04. After having launched suricata-update, I have found that Suricata downloads emerging threats rules by default. I would like to enable and disable rules on my own.

27/10/2022 -- 16:23:12 - <Info> -- No sources configured, will use Emerging Threats Open
27/10/2022 -- 16:23:12 - <Info> -- Checking https://rules.emergingthreats.net/open/suricata-6.0.8/emerging.rules.tar.gz.md5.

Thanks in advance :slight_smile:

Hmm, this does appear to be a missing feature, to disable default behaviour?

Are there any of the remote sources in the index you would like to enable? Enable one of them, and you won’t get the default et/open.

If not, you could create an empty source… Something like:

touch /etc/suricata/empty.rules
suricata-update add-source empty file:///etc/suricata/empty.rules

I’ll have to give this some thought, as it’s not as easy as it should be to disable the default behaviour.



That solution works, however, in my opinion, it would be better to find another practical way.

Thank you very much :smiley: