Detection Rule Tuning
DustInDark edited this page Apr 21, 2022 · 1 revision
Like firewalls and IDSes, any signature-based tool requires some tuning to fit your environment, so you may need to permanently or temporarily exclude certain rules.
You can add a rule ID (Example: 4fe151c2-ecf9-4fae-95ae-b88ec9c2fca6) to rules/config/exclude_rules.txt in order to ignore any rule that you do not need or that cannot be used.
You can also add a rule ID to rules/config/noisy_rules.txt in order to ignore the rule by default but still be able to use the rule with the -n or --enable-noisy-rules option.
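One way to keep both lists tidy while tuning, as an added example that is not part of the original page or the project's own tooling: a shell function that validates a rule ID and appends it to a list only if it is not already there. The function name `add_rule_id` is hypothetical, and the one-ID-per-line file layout is an assumption.

```shell
#!/bin/sh
# Added example, not project code.
# Assumption: each tuning list holds one rule ID per line.

# add_rule_id LIST_FILE RULE_ID
# Returns 0 if the ID was appended, 1 if it was already listed,
# 2 if RULE_ID is not a UUID.
add_rule_id() {
    list_file=$1
    # Normalise to lower case so IDs are stored in one form.
    rule_id=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # Reject anything that is not a UUID, so a typo or a rule title
    # never ends up in the list.
    if ! printf '%s\n' "$rule_id" |
        grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'; then
        echo "not a rule ID: $2" >&2
        return 2
    fi

    # Skip IDs that are already present as a whole line.
    if [ -f "$list_file" ] && grep -Fqxi "$rule_id" "$list_file"; then
        return 1
    fi

    # If the file does not end with a newline, add one first so the
    # new ID is not glued onto the previous entry.
    if [ -s "$list_file" ] && [ -n "$(tail -c 1 "$list_file")" ]; then
        printf '\n' >> "$list_file"
    fi
    printf '%s\n' "$rule_id" >> "$list_file"
}

# Usage, run from the directory that contains rules/:
#   add_rule_id rules/config/exclude_rules.txt 4fe151c2-ecf9-4fae-95ae-b88ec9c2fca6
#   add_rule_id rules/config/noisy_rules.txt   <rule-id>
```

Keeping the lists under version control makes each exclusion reviewable and easy to revert when it was only meant to be temporary.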