I am using suricata-update with the --no-merge option.
I opted to enable all emerging-exploit.rules group with enable.conf file. There is a particular rule that is giving me a lot of false positives.
But, when i insert its signature ID into disable.conf file, the rule is still triggering (maybe because is explicity enabled in enable.conf). How can i disable that rule in specific? Maybe supress?