I want to make exceptions to certain rules

I built Suricata and am using ET rules and some custom rules…

So I would like to make exceptions based on src IP or dst IP for a specific rule.

I don’t want to do it directly in the .rule file. Is it possible?

Please explain the types of exceptions that you would like to make. Note that you can make changes to the “rule variables” in the vars section of the configuration file.


For example, if a rule named CUSTOM_RULE exists, I want to detect CUSTOM_RULE except for src IP:

Perhaps this thread may help: Excluding IP Addresses from Monitoring or IDS/IPS