___
# Tags
#homelab #suricata #cybersecurity

# Helpful docs
- [Link to rule tuning docs](https://suricata.readthedocs.io/en/suricata-6.0.0/rule-management/suricata-update.html#controlling-which-rules-are-used)

## To disable rules create a file in /etc/suricata/ called disable.conf
```txt
# disable stream rulesets
group:stream-events.rules
# disable any rules with STREAM string
re:STREAM
# disable ET POLICY Possible Kali Linux hostname in DHCP Request Packet
2022973
```
- You can disable entire rulesets using the **group:** prefix. Additional rules can be found in **/etc/suricata/rules**

![[Pasted image 20220401180643.png]]

- After you create the file and add your own rules to disable, re-run the update to push the new config

![[Pasted image 20220401180659.png]]

```txt
sudo suricata-update
```

![[Pasted image 20220401180721.png]]

- You should see that the number of rules in the disabled category has been updated
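
A dry-run preview of what the three entry types above would switch off, as an added example (not part of the original note and not suricata-update's own code). It assumes simplified matching: `group:` as a glob on the rule file name, `re:` as a case-insensitive regex over the raw rule text, and a bare number as a SID; the sample rules, the file name `example-policy.rules` and the 900000x SIDs are constructed.

```python
import fnmatch
import re

# Constructed copy of the disable.conf entries shown in this note.
DISABLE_CONF = """\
group:stream-events.rules
re:STREAM
# ET POLICY Possible Kali Linux hostname in DHCP Request Packet
2022973
"""

# Constructed sample rules: (rule file name, raw rule). Only SID 2022973 and its
# msg come from the note; the file names, 900000x SIDs and bodies are made up.
SAMPLE_RULES = [
    ("stream-events.rules", 'alert tcp any any -> any any (msg:"EXAMPLE handshake anomaly"; sid:9000001; rev:1;)'),
    ("example-policy.rules", 'alert tcp any any -> any any (msg:"EXAMPLE LIVESTREAM client beacon"; sid:9000002; rev:1;)'),
    ("example-policy.rules", 'alert udp any 68 -> any 67 (msg:"ET POLICY Possible Kali Linux hostname in DHCP Request Packet"; sid:2022973; rev:1;)'),
    ("example-policy.rules", 'alert tcp any any -> any any (msg:"EXAMPLE plain HTTP login"; sid:9000003; rev:1;)'),
]
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def parse_disable_conf(text):
    """Turn group:, re: and bare-SID lines into (entry, predicate) pairs."""
    matchers = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue  # comments and blank lines carry no matcher
        if line.startswith("group:"):
            glob = line[6:].strip()
            test = lambda f, raw, sid, g=glob: fnmatch.fnmatch(f, g)
        elif line.startswith("re:"):
            # Assumption: the pattern is searched case-insensitively in the raw rule.
            rx = re.compile(line[3:].strip(), re.I)
            test = lambda f, raw, sid, rx=rx: bool(rx.search(raw))
        elif line.isdigit():
            test = lambda f, raw, sid, want=int(line): sid == want
        else:
            raise ValueError(f"entry type not handled by this example: {line!r}")
        matchers.append((line, test))
    return matchers

def preview(rules=SAMPLE_RULES, conf=DISABLE_CONF):
    """Map each rule's SID to the disable.conf entries that would hit it."""
    matchers, result = parse_disable_conf(conf), {}
    for rule_file, raw in rules:
        sid = int(SID_RE.search(raw).group(1))
        result[sid] = [entry for entry, test in matchers if test(rule_file, raw, sid)]
    return result
```

Calling `preview()` shows the second sample rule caught by `re:STREAM` even though it is not a stream-event rule, which is the kind of overmatch worth checking for before re-running `sudo suricata-update`.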