- Suricata-Update can only make use of a single `modify.conf` file and I don’t see a common enough use case to add support for multiple ones. You could probably do some pre-processing on your own to achieve this though.
- Suricata-Update does not have built-in support for modifying the severity of a rule, but I think this is in scope. We recently added the ability to add metadata to a rule (suricata-update - Update — suricata-update 1.3.0dev0 documentation), which is one option you could use to add a custom severity via metadata, if that works for you. Otherwise I’d recommend creating a feature request over at Issues - Suricata - Open Information Security Foundation, as I do think this is in scope for Suricata-Update.