Open jasonish opened 1 year ago
Can you suggest a workaround on how create a manual override for these defaults?
From what you express, do you say it is not possible to disable oisf/trafficid
right now, nor et/open
, if one wanted to?
/var/lib/suricata
is a volume, so providing your own will result in the default suricata-update behaviour, which is to use et/open
if no other rulesets are enabled. I'll probably make this the default in the git master tag of the container and let that ripple into the next major version tag.
Also, maybe some environment variables to auto do some things for those that wish to do it that way.
By default, the
et/open
andoisf/trafficid
rulesets are enabled by default. This was probably due to personal preference when first creating the container, but at most,et/open
should be enabled, or nothing enabled by default which would have suricata-update default toet/open
anyways.