Reset Ruleset to Default

Hi all,
is there a way to reset the IPS ruleset „Talos VRT rules with subscription“ to default? Because I manually enabled to many rules and want to go bock to default configuration.

I don’t know if this is “the” way to do it but it should work.

  1. Stop Intrusion Prevention System at the WUI
  2. From the shell, remove *.rules files in /var/lib/suricata/, then run update-ids-ruleset
  3. Restart Intrusion Prevention System at the WUI

Good luck,
-cab

1 Like