I want to make exceptions to certain rules

headfish · September 14, 2020, 11:54am

i build suricata and using ET Rule and some custom rules…

so I would like to make exceptions based on Src IP or Dst IP for a specific rule.

I don’t want to do it directly in the .rule file. Is it possible??

Jeff_Lucovsky · September 14, 2020, 12:19pm

Hi,
Please explain the types of exceptions that you would like to make. Note that you can make changes to the “rule variables” in the vars section of the configuration file.

E.g.,
HOME_NET, etc

headfish · September 17, 2020, 2:29am

for example. if exist Rule name CUSTOM_RULE, i want to detect CUSTOM_RULE except src IP: 10.0.0.10

Jeff_Lucovsky · September 18, 2020, 1:31pm

Perhaps this thread may help: Excluding IP Addresses from Monitoring or IDS/IPS

Topic		Replies	Views
Suricata ignore Rule by IP	3	2800	July 26, 2021
Suricata Variables and Rules Rules	1	2253	June 2, 2020
$HOME_NET in suricata rule ignored? Rules rules , suricata	2	305	December 18, 2023
Custom rule not triggering (newbie warning!) [SOLVED] Rules	3	917	October 20, 2022
Can't trigger custom rules Help	3	997	February 4, 2022

I want to make exceptions to certain rules

Related topics