Dynamic management of datasets

mavam · April 13, 2020, 1:37pm

I’m trying to figure out how to manage datasets dynamically while Suricata is running. It looks like there is a dataset-add command that works over a domain socket. The documentation doesn’t list the symmetric dataset-delete command. Is this simply not yet implemented? Without the ability to remove data, it seems difficult to maintain a steady state of currently relevant data (other than performing periodic restarts).

vjulien · April 13, 2020, 1:44pm

Hi Matthias, welcome.

The remove/delete command is indeed not implemented yet. I’ve just opened a ticket here https://redmine.openinfosecfoundation.org/issues/3635

vjulien · April 15, 2020, 6:26am

If you’re willing to try dev code, I’ve done a first attempt here: https://github.com/OISF/suricata/pull/4822

mavam · April 15, 2020, 8:11am

Thanks, I’m not yet ready to give it a shot, but great to see I can now start experimenting!

vjulien · April 30, 2020, 5:41pm

Quick update: Suricata 5.0.3 now has the removal support.

Topic		Replies	Views
Architecture and Data aggregation Help	0	477	May 19, 2020
Introducting MutableSecurity: Seamlessly deployment and management of cybersecurity solutions Community Announcements ips , community , suricata	0	431	April 29, 2022
Impulse XDR: the easiest way to use Suricata Community Announcements ips , community , suricata	12	442	May 21, 2024
Suricata in Kubernetes Help	2	4639	September 22, 2021
Hands-On Session: Match on millions of IoCs in Suricata (Thanks to Datasets)! Announcements	1	1177	April 14, 2022

Dynamic management of datasets

Related Topics