# suricata-update - modify.conf

# Format: <sid> "<from>" "<to>"

# Example changing the seconds for rule 2019401 to 3600.
# 2019401 "seconds \d+" "seconds 3600"
#
# Example converting all alert rules to drop:
# (The drop action only blocks traffic when Suricata runs inline, in IPS mode.)
# re:. ^alert drop
#
# Example converting all drop rules with noalert back to alert:
# re:. "^drop(.*)noalert(.*)" "alert\\1noalert\\2"

# Change all trojan-activity rules to drop. It's better to set up a
# drop.conf for this, but this does show the use of back references.
# re:classtype:trojan-activity "(alert)(.*)" "drop\\2"

# For compatibility, most Oinkmaster modifysid lines should work as
# well.
# modifysid * "^drop(.*)noalert(.*)" | "alert${1}noalert${2}"