New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IPS policy matching by classtype #4695
Comments
Ok I think I found problem. This is generated rules-policies.config [899f34deb7874e03aacd47fa3abc2309] But here https://suricata.readthedocs.io/en/latest/rules/meta.html#classtype is written that correct syntax is classtype:trojan-activity When I changed It loaded all rules by this classtype. |
perfect, fixed, thanks |
…ata field, our parser seems to miss the field content. In this case it should be safe to assume if a metadata field isn't found we can look in the rule properties if it's there. there likely aren't overlapping properties in this case. closes opnsense/core#4695
Describe the bug
On 21.1 When I create policy to match rules Im able to match them using rulesets, severity and other items and when I look to rules matched_policy\name they are there.
When I try to do same but match by classtype (any classtype) matched_policy\name is always empty
There are definitely rules to be matched.
The text was updated successfully, but these errors were encountered: