Hi,
I recently bought the ET PRO ruleset. I noticed that the ruleset includes all the rules from ET PRO and also the ET OPEN ruleset.
Is there any way to use only the ET PRO rules?
Thanks!
Yes. You can configure the rule-files section of your suricata.yaml to only have the ET Pro rules files.
When I download the ruleset, I use the “no-merge” flag to divide it into separate files. For example, I have the rule file “exploit.rules”. Inside this file the ETPRO rules and ET OPEN rules are all together.
How can I have the ETPRO rule files only?
Oh. I don’t know if that is possible if they come together like that. Maybe Jason Ish knows and will respond when he sees this.
You could try something like this in your disable.conf:
re: msg:\"ET\s
re: msg:\"GPL\s
It seems to do the trick!
Thanks!!!
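A dry run of the two disable.conf patterns suggested above, as an added example that is not part of the original thread: it shows which rules would be disabled and why the trailing \s leaves ETPRO rules enabled. The sample rules, sids and the dry_run helper are constructed for illustration, and it assumes the patterns are applied case-insensitively to the raw rule line.

```python
import re

# Patterns from the disable.conf lines in the thread (the text after "re:").
DISABLE_PATTERNS = [r'msg:\"ET\s', r'msg:\"GPL\s']

# Constructed sample rules; sids and messages are made up for illustration.
SAMPLE_RULES = '''\
alert http any any -> any any (msg:"ET EXPLOIT Constructed open rule"; sid:1000001; rev:1;)
alert http any any -> any any (msg:"ETPRO EXPLOIT Constructed pro rule"; sid:1000002; rev:1;)
alert tcp any any -> any any (msg:"GPL EXPLOIT Constructed gpl rule"; sid:1000003; rev:1;)
# alert dns any any -> any any (msg:"ETPRO MALWARE Constructed commented rule"; sid:1000004; rev:1;)
alert tls any any -> any any (msg:"ETPRO MALWARE Constructed pro rule two"; sid:1000005; rev:1;)
'''

SID_RE = re.compile(r'\bsid:\s*(\d+)\s*;')


def dry_run(rules_text, patterns=DISABLE_PATTERNS):
    """Return (disabled_sids, kept_sids) for the active rules in rules_text."""
    # Assumption: each pattern is searched case-insensitively in the raw rule.
    compiled = [re.compile(p, re.IGNORECASE) for p in patterns]
    disabled, kept = [], []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue  # skip blank lines and rules that are already commented out
        m = SID_RE.search(line)
        if not m:
            continue  # not a rule line we can identify by sid
        sid = int(m.group(1))
        if any(c.search(line) for c in compiled):
            disabled.append(sid)
        else:
            kept.append(sid)
    return disabled, kept


if __name__ == '__main__':
    disabled, kept = dry_run(SAMPLE_RULES)
    print('would disable:', disabled)
    print('would keep:   ', kept)
    # Without the trailing \s the ET pattern would also hit the ETPRO rules.
    print('without \\s:   ', dry_run(SAMPLE_RULES, [r'msg:\"ET'])[0])
```

Running it against a real no-merge rules file (read the file into a string and pass it to dry_run) gives a count to compare with the number of rules left enabled after the update.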