is there a way to reset the IPS ruleset „Talos VRT rules with subscription“ to default? Because I manually enabled to many rules and want to go bock to default configuration.
I don’t know if this is “the” way to do it but it should work.
- Stop Intrusion Prevention System at the WUI
- From the shell, remove *.rules files in /var/lib/suricata/, then run update-ids-ruleset
- Restart Intrusion Prevention System at the WUI