Hey Suricata ninjas,
I am thinking if I have a large list of ip addresses that I would like to take action on, what would be the best way to write the rules? I am assuming I would need to put the ip addresses into either source ip or destination ip which satisfy the use case. And I know there is a 8kb size limit per rule so the naive way would be to separate it into multiple different rules. But is there a better approach?