Good morning and happy Thursday,
The story here is as follows, to give an idea of what I am trying to accomplish.
CISA has a list of the most exploited vulnerabilities, which is very useful. We have gone through the exercise of determining which rules in Suricata need to be adjusted to ensure we are properly alerted.
Now, and I am a little ashamed of this, the list of adjustments is rather large (nothing external-facing, thankfully).
In order to keep track of this correctly, I was thinking of creating a second “modify.conf” in which I can easily track and find the adjustments (1).
Also, I want to raise the alert level in case there is a successful attempt (2).
So any input is highly appreciated.
CISA link for those interested: Known Exploited Vulnerabilities Catalog | CISA
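One way to keep the KEV-driven adjustments in a file of their own is to generate the modify.conf entries from the KEV feed and the ruleset rather than editing them by hand. The script below is an added example, not code from the original post or from the Suricata project: it reads a constructed sample with the shape of the CISA KEV JSON feed (the `vulnerabilities[].cveID` field name is assumed to match the public feed), finds active rules whose `reference:cve,...` keyword hits a KEV CVE, and emits suricata-update `modify.conf` lines of the form `<sid> "<regex>" "<replacement>"` that set `priority:1;` on each hit. The SIDs and rules are placeholders constructed for the example; the `modify.conf` syntax is as understood from suricata-update's documentation and is an assumption to check against your installed version.

```python
"""Generate suricata-update modify.conf entries that raise the priority of
rules referencing CISA KEV CVEs.

Added example, not from the original post. Assumptions: KEV feed entries
carry a "cveID" field; suricata-update modify.conf accepts
'<sid> "<regex>" "<replacement>"' lines applied with re.sub().
"""
import json
import re

# Constructed sample shaped like the CISA KEV JSON feed (assumed field names).
SAMPLE_KEV_JSON = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2"},
        {"cveID": "CVE-2017-11882", "vendorProject": "Microsoft", "product": "Office"},
    ]
})

# Constructed rules in Suricata syntax; SIDs 9000001-9000004 are placeholders,
# not real ET/ETPRO rules. The last one is commented out (disabled).
SAMPLE_RULES = r'''
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"TEST Log4j JNDI string"; flow:established,to_server; content:"${jndi:"; reference:cve,2021-44228; classtype:attempted-admin; sid:9000001; rev:1;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"TEST Office EQNEDT32 RTF"; content:"{\rtf"; reference:cve,2017-11882; classtype:trojan-activity; priority:3; sid:9000002; rev:2;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"TEST unrelated"; content:"foo"; reference:cve,2019-0708; sid:9000003; rev:1;)
# alert tcp any any -> any any (msg:"TEST disabled"; reference:cve,2021-44228; sid:9000004; rev:1;)
'''

CVE_REF_RE = re.compile(r'reference:\s*cve,\s*(\d{4}-\d+)\s*;', re.I)
SID_RE = re.compile(r'\bsid:\s*(\d+)\s*;')
PRIORITY_RE = re.compile(r'\bpriority:\s*\d+\s*;')


def kev_cves(kev_json):
    """Return the set of upper-cased CVE IDs listed in a KEV-shaped JSON document."""
    data = json.loads(kev_json)
    return {entry["cveID"].upper() for entry in data["vulnerabilities"]}


def rules_referencing(rules_text, cves):
    """Return [(sid, has_priority_keyword)] for active rules referencing any CVE in cves.

    Commented-out (disabled) rules are skipped so that a later enable.conf
    decision stays separate from the priority adjustment.
    """
    hits = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        sid = SID_RE.search(line)
        if not sid:
            continue
        refs = {"CVE-" + cve for cve in CVE_REF_RE.findall(line)}
        if refs & cves:
            hits.append((int(sid.group(1)), bool(PRIORITY_RE.search(line))))
    return hits


def modify_conf_lines(rules_text, cves, priority=1):
    """Emit modify.conf lines setting the given priority on every matching rule.

    Rules that already carry a priority keyword get it rewritten; rules that
    rely on the classtype default get 'priority:N;' inserted before 'sid:'.
    The 'sid:' anchor assumes the msg text does not itself contain 'sid:'.
    """
    lines = []
    for sid, has_priority in rules_referencing(rules_text, cves):
        if has_priority:
            lines.append(f'{sid} "priority:[0-9]+;" "priority:{priority};"')
        else:
            lines.append(f'{sid} "sid:" "priority:{priority}; sid:"')
    return lines


if __name__ == "__main__":
    # Write the output to a dedicated file, e.g. /etc/suricata/kev-modify.conf,
    # and point suricata-update at it; keeping it separate from the main
    # modify.conf is what makes the KEV adjustments easy to find and diff.
    print("\n".join(modify_conf_lines(SAMPLE_RULES, kev_cves(SAMPLE_KEV_JSON))))
```

Re-running the generator against a fresh KEV download and the current ruleset gives a diffable file, so additions and removals to the KEV list show up as changes to a single file rather than as hand edits scattered through the main modify.conf.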