[Questions] How to enable only selected trails?

Question

[Questions] How to enable only selected trails?

Closed this issue 9 months ago · 5 comments

Question
Any option for enable only selected trails?

For example, disable all trails and add to whitelist some trails for detection.

Answer 1 · 2023-09-01T07:07:19.000Z

Hello!

Take a look on DISABLED_FEEDS (https://github.com/stamparm/maltrail/blob/master/maltrail.conf#L61-L62) and #DISABLED_TRAILS_INFO_REGEX (https://github.com/stamparm/maltrail/blob/master/maltrail.conf#L67-L68) parameters of /maltrail.conf file.

Hope, this is OK for you.

Answer 2 · 2023-09-01T07:11:51.000Z

Thanks, I have read the existing functionality - it works like a blacklist. (All enabled - some disabled)
I am looking for an opportunity to apply - whitelist. (All disabled - some enabled).

Is it possible?

Answer 3 · 2023-09-01T07:18:45.000Z

First variant only: All enabled - some disabled.

Dirty workaround for your case I suppose -- move (via F6) all uneeded trails/feeds files (I mean, .py for feeds and .txt for static trails) to some spare folder out of MT's working catalog, leave needed trails only and restart the /sensor.py.

Answer 4 · 2023-09-26T10:56:59.000Z

Hello! Closing the ticket?

Answer 5 · 2023-10-07T07:27:58.000Z

Considering as resolved