Custom Suricata Rule

How to add a custom Suricata rule as available here

Hi @hellfire

I have tried to copy the file “pt-rules.rules” for example in “/var/lib/suricata” and when accessing from the GUI to the Suricata module, it appears as one more group.

You can mark it and apply it.

I don’t know if this is what you need.


P.S.: I don’t think it’s worth it, since when applying, the group disappears. :unamused:

Why won’t you add them properly as a new ruleset provider?

How would I do this? The WebIF does not provide any means to add a custom URL.

OTOH, I guess there is a config file for this; I did not find any doc while searching the internet.

There is a file here that needs to be extended:;a=blob;f=config/suricata/ruleset-sources;h=ef8d8482bdd545c86b0024b56a977ee0b646b214;hb=HEAD

You can contact Stefan on the dev mailing list for some help. He wrote this.

Was anyone able to add a new custom ruleset provider?

I tried adding to var/ipfire/suricata/ruleset-sources