StamusNetworks / scirius

Scirius is a web application for Suricata ruleset management and threat hunting.
GNU General Public License v3.0

How to create a rule from Scirius #137

Closed crackdj closed 6 years ago

crackdj commented 6 years ago

Hi guys.

I am new to this, so I apologize if the question is too easy.

I am trying to make a rule which detects ICMP traffic by editing the Suricata files. In `/etc/suricata/rules/scirius.rules` I enter the following entry: `alert icmp any any -> any any (msg: "ICMP detected";)`. Then in `vi /etc/suricata/suricata.yaml` I add `config classification: icmp-custom-event, ICMP event, 2`. I can see that in `fast.log` the alerts for ICMP packets are registered, but in the Scirius dashboard there is no record.

Thanks for your help.

pevma commented 6 years ago

You can save your rule into a file and upload that file to Scirius (create a source, add the file, and then choose whether you would like to add it to an existing ruleset or a new one). Alternatively, you can upload the rule file to an HTTPS web server and do the same.
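As an added example (not Scirius or Suricata code), the script below builds the rule file that the answer above says to upload as a Scirius source, and sanity-checks each rule first: it parses the header and options, flags a rule that lacks `msg`, `sid` or `rev` (a ruleset manager needs a `sid`/`rev` to track the rule across updates), and flags a `classtype` that is not declared in a `classification.config`-style line. The sample rule, its `sid` value and the classification line are constructed for the demo; the rule is the question's ICMP rule completed with those option keys.

```python
"""Parse and sanity-check Suricata rules, then write the ones that pass to a
rule file for upload to Scirius as a source.  Added example, not Scirius or
Suricata code; the rule and classification lines below are constructed."""
import re
import tempfile
from pathlib import Path

# Constructed sample: the ICMP rule from the question, completed with the option
# keys a ruleset manager needs to track it (classtype, sid, rev).
SAMPLE_RULE = (
    'alert icmp any any -> any any (msg:"ICMP detected"; '
    'classtype:icmp-custom-event; sid:9000001; rev:1;)'
)
# Constructed sample in classification.config syntax (name,description,priority).
SAMPLE_CLASSIFICATION = "config classification: icmp-custom-event,ICMP event,2"

HEADER_RE = re.compile(
    r"^(?P<action>alert|drop|pass|reject)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+"
    r"(?P<sport>\S+)\s+(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+"
    r"\((?P<opts>.*)\)\s*$"
)
CLASS_RE = re.compile(
    r"^config classification:\s*(?P<name>[^,]+),(?P<desc>[^,]+),(?P<prio>\d+)\s*$"
)
# Split on ';' only when an even number of quotes follows it, so that a ';'
# inside msg:"..." does not break the option list apart.
OPT_SPLIT_RE = re.compile(r';\s*(?=(?:[^"]*"[^"]*")*[^"]*$)')


def parse_classification(line: str):
    """Return (name, description, priority) from a classification.config line."""
    m = CLASS_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a classification line: {line!r}")
    return m["name"].strip(), m["desc"].strip(), int(m["prio"])


def parse_rule(rule: str) -> dict:
    """Split a rule into its header fields plus an 'options' dict
    (flag options such as 'nocase' map to None)."""
    m = HEADER_RE.match(rule.strip())
    if not m:
        raise ValueError(f"malformed rule header: {rule!r}")
    fields = m.groupdict()
    options = {}
    for item in OPT_SPLIT_RE.split(fields.pop("opts")):
        item = item.strip()
        if not item:
            continue
        key, sep, value = item.partition(":")
        options[key.strip()] = value.strip().strip('"') if sep else None
    fields["options"] = options
    return fields


def check_rule(rule: str, known_classtypes: set) -> list:
    """Return a list of problems (empty when the rule looks ready to upload)."""
    try:
        parsed = parse_rule(rule)
    except ValueError as exc:
        return [str(exc)]
    opts = parsed["options"]
    problems = [f"missing {key}" for key in ("msg", "sid", "rev") if key not in opts]
    if "sid" in opts and not (opts["sid"] or "").isdigit():
        problems.append("sid must be numeric")
    classtype = opts.get("classtype")
    if classtype and classtype not in known_classtypes:
        problems.append(f"classtype {classtype!r} not declared in classification.config")
    return problems


def write_rule_file(path: Path, rules: list, known_classtypes: set) -> int:
    """Write only the rules that pass check_rule; return how many were written."""
    good = [r.strip() for r in rules if not check_rule(r, known_classtypes)]
    path.write_text("\n".join(good) + "\n" if good else "")
    return len(good)


if __name__ == "__main__":
    name, _, _ = parse_classification(SAMPLE_CLASSIFICATION)
    with tempfile.TemporaryDirectory() as tmp:
        out = Path(tmp) / "local.rules"
        n = write_rule_file(out, [SAMPLE_RULE], {name})
        print(f"wrote {n} rule(s) to {out}; upload this file as a Scirius source")
        print(out.read_text())
```

Run against the rule exactly as written in the question, `check_rule` reports `missing sid` and `missing rev`, which is the first thing to look at when a rule fires in `fast.log` but a ruleset manager does not show it; the file written by `write_rule_file` contains only rules that pass every check.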