I am a new user here, I have doubt.
I have a signature.sig in site folder and my site/mydomain.bro looks as bellow,
Make any changes to policy starting HERE:
To run signatures, uncomment the following line.
@ifdef ( use_signatures )
Load Bro signatures. This is the default file containing Bro
redef signature_files += “signatures”;
Did my signature loaded? it seems that # @load brolite-sigs is commented
How to ensure which signature is loaded and which is not?
"use_signatures" is only defined when brolite-sigs is loaded so, no,
the signatures are not used in this case. The most direct way to
make sure that a signature file is loaded, is to use the "redef"
line just by itself:
redef signature_files += "signatures";
I.e., no @ifdef/@endif around it.
Hope this helps,