Rule updates
The command suricata-update can be used to manage the running rule set if a custom source is available via HTTPS.
The suricata-rule-update file is located at /home/plixer/flowpro/rules/suricata-rule-update.yaml.
This file contains the following sections:
disable-conf: A path to a file containing match statements for conditional rule exclusion. See the example configuration to disable rules for more information.
ignore: A list used to exclude local custom filenames from duplication. Each entry can be an absolute path, or a local path if the file is located in /home/plixer/flowpro/rules.
sources: The URL pointing to a custom Suricata rule source.
All other suricata-rule-update configuration entries are managed by the system.
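A sketch of how the three user-editable sections could look together. This is an added example, not taken from the product documentation; it assumes the file follows the upstream suricata-update YAML layout (a scalar disable-conf, list-valued ignore and sources), and every path, filename and URL in it is a placeholder.

```yaml
# Illustrative /home/plixer/flowpro/rules/suricata-rule-update.yaml
# Only the three user-editable sections are shown; all values are placeholders.
# Entries not shown here are managed by the system and should be left alone.

# File of match statements selecting rules to exclude (hypothetical path).
# Upstream suricata-update accepts one match statement per line, for example:
#   2019401                      a single signature ID
#   group:emerging-icmp.rules    every rule loaded from that rule file
#   re:heartbleed                a regular expression matched against the rule
disable-conf: /home/plixer/flowpro/rules/disable.conf

# Local custom rule files to exclude from duplication.
ignore:
  # Local name: resolved because the file sits in /home/plixer/flowpro/rules
  - local-custom.rules
  # Absolute path: needed when the file lives anywhere else (constructed path)
  - /opt/custom-rules/site-overrides.rules

# Custom Suricata rule source. It must be reachable over HTTPS, so use an
# https:// URL whose certificate the appliance can validate.
sources:
  - https://rules.example.com/suricata/custom.rules.tar.gz
```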