[RESOLVED] Suricata update rules

Hello Everyone,

suricata -V
This is Suricata version 6.0.16 RELEASE

I am trying to understand the rule update flow.
I created disable.conf and enable.conf with all required rules, but suricata-update tries to load all rules.

disable.conf

group:stream-events.rules
group:emerging-web_client
group:emerging-web_server.rules
group:emerging-ja3.rules
group:emerging-misc.rules
group:emerging-mobile_malware.rules
egroup:merging-malware.rules
group:emerging-misc.rules
group:emerging-mobile_malware.rules
group:emerging-netbios.rules
group:emerging-p2p.rules
group:emerging-phishing.rules
group:emerging-policy.rules
group:emerging-pop3.rules
group:emerging-rpc.rules
group:emerging-scada.rules
group:emerging-scan.rules
group:emerging-shellcode.rules
group:emerging-smtp.rules
group:emerging-snmp.rules
group:emerging-sql.rules
group:emerging-telnet.rules
group:emerging-tftp.rules
group:emerging-user_agents.rules
group:emerging-web_specific_apps.rules
group:emerging-worm.rules
group:threatview_CS_c2.rules
re:suricata stream
re:HTTP_
re:HTTP_PORTS

enable.conf

group:emerging-dshield.rules
group:emerging-scan.rules
group:emerging-voip.rules

Log

The final result is that the rules update is failing.

Any help is appreciated, thank you.

This looks like a typo.

Thank you, corrected. But the issue is still present.

10/3/2024 -- 10:08:44 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop dns $HOME_NET any -> any any (msg:"ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (villagemagneticcsa .fun)"; dns.query; bsize:22; content:"villagemagneticcsa.fun"; nocase; reference:md5,d8666ba0b58b3d01ff7ebc4af4d85bbc; classtype:domain-c2; sid:2050975; rev:1; metadata:attack_target Client_Endpoint, created_at 2024_02_20, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_02_20;)" from file /var/lib/suricata/rules/suricata.rules at line 31086

I specifically disabled HTTP(s), DNS, etc., because in this setup it is not required.

I added more REGEX rules into disable.conf and it cleaned the outstanding errors.

Thank you, resolved.
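An added example, not part of the thread and not suricata-update's own code: a small lint pass over disable.conf and enable.conf that flags lines with an unrecognized matcher prefix, duplicate entries, entries listed in both files, and reports which `re:` entries would match the signature from the error log. It assumes the matcher forms described in the suricata-update documentation (`group:`, `re:`, `filename:`, `metadata:`, a SID or `gid:sid`) and case-insensitive regex matching; the function names and the excerpted sample input are constructed for illustration.

```python
import re

# Matcher prefixes documented for suricata-update's enable.conf/disable.conf.
PREFIXES = ("group:", "re:", "filename:", "metadata:")
SID_RE = re.compile(r"^(\d+:)?\d+$")  # "sid" or "gid:sid"

def lint(text):
    """Return (valid_entries, problems) for one conf file's text."""
    valid, problems, seen = [], [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not (line.startswith(PREFIXES) or SID_RE.match(line)):
            problems.append((n, line, "unrecognized matcher"))
        elif line in seen:
            problems.append((n, line, "duplicate"))
        else:
            seen.add(line)
            valid.append(line)
    return valid, problems

def conflicts(disable_entries, enable_entries):
    """Entries listed in both files."""
    return sorted(set(disable_entries) & set(enable_entries))

def regex_hits(entries, rule_text):
    """re: entries that match the rule text (case-insensitive search)."""
    pats = [e[3:] for e in entries if e.startswith("re:")]
    return [p for p in pats if re.search(p, rule_text, re.I)]

# Constructed sample: excerpt of the disable.conf and enable.conf posted above.
DISABLE = """group:emerging-misc.rules
egroup:merging-malware.rules
group:emerging-misc.rules
group:emerging-scan.rules
re:suricata stream
re:HTTP_
"""
ENABLE = """group:emerging-dshield.rules
group:emerging-scan.rules
"""
# Start of the signature from the error log in the thread.
RULE = 'drop dns $HOME_NET any -> any any (msg:"ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (villagemagneticcsa .fun)"; dns.query;'

if __name__ == "__main__":
    dis, probs = lint(DISABLE)
    en, _ = lint(ENABLE)
    for n, line, why in probs:
        print(f"disable.conf:{n}: {why}: {line}")
    print("in both files:", conflicts(dis, en))
    print("re: entries matching the failing rule:", regex_hits(dis, RULE))
```

Running the same checks against the full files before each suricata-update run catches a mistyped prefix or a group listed in both files before the merged suricata.rules is written.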