yookd / pulledpork

Automatically exported from code.google.com/p/pulledpork
GNU General Public License v2.0

Keep flowbits set but add flowbit noalert to same rule #159

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
I want to keep my flowbits set but do not want it to alert.
I have a few rules I want to do this to and need to know where I can make the
changes so that downloaded.rules will not overwrite my changes.

What version of the product are you using? On what operating system?
Using Snort 2.9.6.2 and PulledPork 0.7 on CentOS 6.5.

Please provide any additional information below.
Is there a way to keep a downloaded.rule flowbits:set .... but then add
flowbits:noalert to the same rule? I was looking at using modified.sids, but
that is a replacement, not an add option. I thought of just modifying the
downloaded.rules and adding it there, but then it gets written over all the time.
Then I was going to use local.rules, but what if the rule changes and I now want
it to alert me? Any help would be great.

Original issue reported on code.google.com by tlhayes1...@gmail.com on 25 Sep 2014 at 1:30

GoogleCodeExporter commented 9 years ago
This will be a function of modifysid; please see the readme and modifysid
documentation.

Original comment by Cummin...@gmail.com on 29 Sep 2014 at 2:46
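
A check that can run after each PulledPork update to confirm that the chosen rules still set their flowbit and still carry `flowbits:noalert`. It is an added example, not part of the original thread or of PulledPork. The rule text, SIDs, flowbit names and status labels are constructed for illustration.

```python
import re

# Constructed sample in Snort 2.x syntax; SIDs, flowbit names and content are made up.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE setter A"; flow:to_server,established; content:"GET"; flowbits:set,example.a; flowbits:noalert; sid:1000001; rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE setter B"; flow:to_server,established; content:"POST"; flowbits:set,example.b; sid:1000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE changed upstream"; content:"x"; sid:1000003; rev:7;)
# alert tcp any any -> any any (msg:"EXAMPLE disabled"; flowbits:set,example.d; sid:1000004; rev:1;)
'''

SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
FLOWBITS_RE = re.compile(r'\bflowbits\s*:\s*([^;]+);')

def flowbit_ops(rule):
    """Return the flowbits operations used in one rule, e.g. ['set', 'noalert']."""
    return [m.group(1).split(',')[0].strip().lower()
            for m in FLOWBITS_RE.finditer(rule)]

def audit(rules_text, quiet_sids):
    """Classify each SID that is expected to set a flowbit without alerting."""
    status = {sid: 'missing' for sid in quiet_sids}   # not found in the file at all
    for line in rules_text.splitlines():
        line = line.strip()
        m = SID_RE.search(line)
        if not m or int(m.group(1)) not in status:
            continue
        sid = int(m.group(1))
        ops = flowbit_ops(line)
        if line.startswith('#'):
            status[sid] = 'disabled'       # commented out, never evaluated
        elif 'set' not in ops:
            status[sid] = 'no-set'         # upstream rule changed: review the override
        elif 'noalert' not in ops:
            status[sid] = 'will-alert'     # the noalert edit was lost on regeneration
        else:
            status[sid] = 'ok'             # sets its flowbit and stays silent
    return status

if __name__ == '__main__':
    wanted = [1000001, 1000002, 1000003, 1000004, 1000005]
    for sid, state in audit(SAMPLE_RULES, wanted).items():
        print(sid, state)
```

On a sensor, pass in the contents of the generated downloaded.rules and the SIDs you manage; any status other than `ok` is a cue to revisit the modifysid entry for that rule.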