From b531e7725da188f15d7abe4b345b5232e70dbf4c Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Thu, 29 Mar 2018 10:15:34 +0200 Subject: [PATCH] doc: improve suricata-update docs now that its bundled --- doc/userguide/rule-management/oinkmaster.rst | 2 ++ .../rule-management/suricata-update.rst | 17 ++++++++--------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/doc/userguide/rule-management/oinkmaster.rst b/doc/userguide/rule-management/oinkmaster.rst index 3903673848..c8cb56bd94 100644 --- a/doc/userguide/rule-management/oinkmaster.rst +++ b/doc/userguide/rule-management/oinkmaster.rst @@ -1,6 +1,8 @@ Rule Management with Oinkmaster =============================== +.. note:: ``suricata-update`` is the official and recommended way to + update and manage rules and rulesets. See :doc:`suricata-update` It is possible to download and install rules manually, but there is a much easier and quicker way to do so. There are special programs which diff --git a/doc/userguide/rule-management/suricata-update.rst b/doc/userguide/rule-management/suricata-update.rst index 13e055a684..397e628804 100644 --- a/doc/userguide/rule-management/suricata-update.rst +++ b/doc/userguide/rule-management/suricata-update.rst 
@@ -1,20 +1,16 @@ Rule Management with Suricata-Update ==================================== -.. note:: ``suricata-update`` is in active development and is not yet - considered 'production quality'. Proceed with care. - While it is possible to download and install rules manually, it is recommended to use a management tool for this. Suricata-Update is the official way to update and manage rules for Suricata. +Suricata-update is bundled with Suricata and is normally installed +with it. For instructions on installing manually, see http://suricata-update.readthedocs.io/en/latest/quickstart.html#install-suricata-update -To install suricata-update - -:: - - sudo apt install python-pip python-yaml - sudo pip install --pre --upgrade suricata-update +.. note:: ``suricata-update`` is bundled with Suricata version 4.1 and + later. It can be used with older versions as well. It will + have to be installed separately in that case. To download the Emerging Threats Open ruleset, it is enough to simply run: @@ -69,6 +65,9 @@ This will give a result similar to .. image:: suricata-update/suricata-update.png +Each of the rulesets has a name that has a 'vendor' prefix, followed by a +set name. For example, OISF's traffic id ruleset is called 'oisf/trafficid'. + To enable 'oisf/trafficid', enter: :: -- 2.47.2
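Review bot: in the oinkmaster.rst hunk (@@ -1,6 +1,8 @@), the new ``.. note::`` ends its cross-reference sentence without a period (``See :doc:`suricata-update```); close it, e.g. ``See :doc:`suricata-update` for details.``, so the rendered admonition does not end mid-sentence. Since the same note text is being added in more than one rule-management page, keep the wording identical across them so the two copies do not drift.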
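Review bot: in the first suricata-update.rst hunk (@@ -1,20 +1,16 @@), the added paragraph says "Suricata-update is bundled with Suricata" while the note three lines later uses ``suricata-update``; pick one form for the tool name throughout the page. The install link is plain ``http://suricata-update.readthedocs.io/...``; readthedocs serves the same pages over TLS, so link ``https://`` so readers fetch installation instructions over an authenticated channel. The note's last two sentences can also be merged: "It can be used with older versions as well, but must then be installed separately."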
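Review bot: in the second suricata-update.rst hunk (@@ -69,6 +65,9 @@), "Each of the rulesets has a name that has a 'vendor' prefix" reads awkwardly; suggest "Each ruleset name consists of a vendor prefix followed by a set name, for example OISF's traffic-id ruleset is ``oisf/trafficid``." Using literal markup for ``oisf/trafficid`` here also matches the way the name is typed in the ``enable`` command that follows.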