how to add a cuss Suricata rule as available here https://github.com/ptresearch/AttackDetection/blob/master/CVE-2020-0601/cve-2020-0601.rules
I have tried to copy the file “pt-rules.rules” for example in “/var/lib/suricata” and when accessing from the GUI to the Suricata module, it appears as one more group.
You can mark it and apply it.
I don’t know if this is what you need.
P.D.: I don’t think it’s worth it, since when applying, the group disappears.
Why won’t you add them properly as a new ruleset provider?
How would I do this? The WebIF does not provide any means to add a custom URL.
OTH, guess there is a config file for this, did not find any doc while searching internet.
There is a file here that needs to be extended: https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=config/suricata/ruleset-sources;h=ef8d8482bdd545c86b0024b56a977ee0b646b214;hb=HEAD
You can contact Stefan on the dev mailing list for some help. He wrote this.
Anyone was able to add a new custom ruleset provider?
I tried adding to var/ipfire/suricata/ruleset-sources