I have a request to show a list of all enabled NIDS rules/policies. My NIDS is Suricata and I don’t know how I can get this list.
You could get the number of enabled rules from your rules files listed in the suricata.yaml.
reference: suricata/suricata.yaml.in at master · OISF/suricata · GitHub
You could then compare the number of rules in those files to the number of rules reported loaded by Suricata at run time if necessary.
suricatasc ruleset-stats or look in the Suricata log for a line something like:
<Info> - 1 rule files processed. 63893 rules successfully loaded, 0 rules failed
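The comparison described in this answer, as an added example that is not part of the original thread or of Suricata itself: it treats every non-blank, non-commented line of a rule file as enabled, pulls out each rule's sid and msg, and reads the counts from a log line in the format quoted above. The function names, sample rules and sample log line are constructed for illustration; point it at the files named under rule-files in your own suricata.yaml.

```python
import re

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)")
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"')
LOADED_RE = re.compile(
    r"(\d+) rule files processed\. (\d+) rules successfully loaded, (\d+) rules failed")

# Constructed sample rule file (not taken from any real ruleset).
SAMPLE_RULES = r'''
# alert tcp any any -> any 23 (msg:"EXAMPLE telnet"; sid:1000001; rev:1;)
alert http any any -> any any (msg:"EXAMPLE http request"; \
    flow:established,to_server; sid:1000002; rev:3;)
drop dns any any -> any any (msg:"EXAMPLE dns query"; sid:1000003; rev:1;)

alert tls any any -> any any (msg:"EXAMPLE tls handshake"; sid:1000004; rev:2;)
'''

# Constructed log line in the format quoted above.
SAMPLE_LOG = "<Info> - 1 rule files processed. 3 rules successfully loaded, 0 rules failed"


def enabled_rules(text):
    """Return [(sid, msg), ...] for each enabled (uncommented) rule in text."""
    rules, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):        # multi-line rule: join with the next line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line.startswith("#"):   # blank, or disabled by commenting out
            continue
        sid, msg = SID_RE.search(line), MSG_RE.search(line)
        rules.append((int(sid.group(1)) if sid else None,
                      msg.group(1) if msg else ""))
    return rules


def loaded_counts(log_text):
    """Return (files, loaded, failed) from the rule-load log line, or None."""
    m = LOADED_RE.search(log_text)
    return tuple(int(n) for n in m.groups()) if m else None


if __name__ == "__main__":
    rules = enabled_rules(SAMPLE_RULES)
    for sid, msg in rules:
        print(sid, msg)
    files, loaded, failed = loaded_counts(SAMPLE_LOG)
    print(f"{len(rules)} enabled on disk; log reports {loaded} loaded, {failed} failed")
```

A difference between the on-disk count and the loaded count is worth checking against the failed count and any rule errors in the same log.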
Is it possible to see the list of all enabled rules, including the rule name?
The rule file(s) are located using values from the configuration file. Suricata ingests and processes the rules but doesn’t contain a way to display them.
As mentioned, the Suricata output log will contain rule counts (and you can also obtain these using