Merge pull request #696 from bmeeks8/suricata-2.0.3-v2.0

1 files changed, 23 insertions, 0 deletions

diff --git a/config/suricata/modifysid-sample.conf b/config/suricata/modifysid-sample.conf
new file mode 100644
index 00000000..d59f84ba
--- /dev/null
+++ b/config/suricata/modifysid-sample.conf
@@ -0,0 +1,23 @@
+# example modifysid.conf
+#
+# formatting is simple
+# <sid or sid list> "what I'm replacing" "what I'm replacing it with"
+#
+# Note that this will only work with GID:1 rules, simply because modifying
+# GID:3 SO stub rules would not actually affect the rule.
+#
+# If you are attempting to change rulestate (enable,disable) from here
+# then you are doing it wrong. Do this from within the respective 
+# rulestate modification configuration files.
+
+# the following applies to sid 10010 only and represents what would normally
+# be s/to_client/from_server/
+# 10010 "to_client" "from_server"
+
+# the following would replace HTTP_PORTS with HTTPS_PORTS for ALL GID:1
+# rules
+# "HTTP_PORTS" "HTTPS_PORTS"
+
+# multiple sids can be specified as noted below:
+# 302,429,1821 "\$EXTERNAL_NET" "\$HOME_NET"
+