[Emerging-Sigs] sidmap generator

Duane Howard duane.security at gmail.com
Mon Feb 3 09:06:23 HST 2020


You could write a small utility using the gonids[0] parsing library.
Should roughly be something like:
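```
package main

import (
	"fmt"
	"log"
	"strings"

	"github.com/google/gonids"
)

// Constructed sample rule; in practice, feed in each rule line from the ruleset.
const rule = `alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"EXAMPLE hello world"; content:"hello world"; reference:url,example.com; sid:1000001; rev:1;)`

func main() {
	r, err := gonids.ParseRule(rule)
	if err != nil {
		// Handle parse error
		log.Fatalf("parsing rule: %v", err)
	}
	// Build one sidmap line: SID || msg || type,value || ...
	var msgmap []string
	msgmap = append(msgmap, fmt.Sprintf("%d", r.SID))
	msgmap = append(msgmap, r.Description)
	for _, ref := range r.References {
		msgmap = append(msgmap, fmt.Sprintf("%s,%s", ref.Type, ref.Value))
	}
	fmt.Println(strings.Join(msgmap, " || "))
}
```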

[0] https://github.com/google/gonids

On Mon, Feb 3, 2020 at 10:27 AM Jason Williams <
jwilliams at emergingthreats.net> wrote:

> Tiago,
>
> create-sidmap.pl is part of the oinkmaster distribution, take a look there
>
> http://oinkmaster.sourceforge.net/faq.shtml
>
> HTH,
>
> Jason
>
> On Mon, Feb 3, 2020 at 11:15 AM Tiago Faria <tiago.faria.backups at gmail.com>
> wrote:
>
>> Hi list,
>>
>> I know this is a bit of a weird request but was wondering if the script
>> that generates https://rules.emergingthreats.net/sidmap/ is available
>> anywhere online? Looked on ET GH but couldn't find it.
>>
>> I would really like to create something similar for other rulesets (and
>> even combine other rulesets and provide a general sidmap; easier for
>> querying or feeding other systems) and the best I came up with 'while read
>> -r line' is far from what it should be. :)
>>
>> Perfectly understand if the ET team can't share, just thought I'd ask :)
>>
>> Thank you!
>> T
>> _______________________________________________
>> Emerging-sigs mailing list
>> Emerging-sigs at lists.emergingthreats.net
>> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>>
>> Support Emerging Threats! Subscribe to Emerging Threats Pro
>> http://www.emergingthreats.net
>>
>
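The combined sidmap asked about in the original question, as an added example that is not part of any post in this thread and is not ET or gonids code: it merges several rulesets into `sid || msg || ref` lines sorted by SID and reports SIDs defined more than once. It uses standard-library regex extraction rather than gonids so it runs without dependencies, which makes it less robust than a real rule parser; `BuildSidmap` and the sample rules are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strconv"
	"strings"
)

var sidRe = regexp.MustCompile(`[;(]\s*sid:\s*(\d+)`) // regex extraction, not a full parser
var msgRe = regexp.MustCompile(`[;(]\s*msg:\s*"((?:[^"\\]|\\.)*)"`)
var refRe = regexp.MustCompile(`[;(]\s*reference:\s*([^;]+)`)

// Constructed sample rulesets, not real ET rules; rulesB repeats a SID from rulesA.
const rulesA = `alert tcp any any -> any 80 (msg:"EXAMPLE A one"; content:"x"; reference:url,example.com/a; reference:url,example.net/a2; sid:9000002; rev:1;)
#alert udp any any -> any 53 (msg:"EXAMPLE A disabled"; sid:9000001; rev:2;)`
const rulesB = `alert tcp any any -> any any (msg:"EXAMPLE B dup"; sid:9000002; rev:1;)
alert tcp any any -> any 443 (msg:"EXAMPLE B two"; reference:url,example.org/b; sid:9000003; rev:1;)`

// BuildSidmap (hypothetical helper) returns merged sidmap lines sorted by SID, plus repeated SIDs.
func BuildSidmap(rulesets ...string) (lines []string, dups []int) {
	seen, sids := map[int]string{}, []int{}
	for _, line := range strings.Split(strings.Join(rulesets, "\n"), "\n") {
		sm, mm := sidRe.FindStringSubmatch(line), msgRe.FindStringSubmatch(line)
		if sm == nil || mm == nil {
			continue // not a rule line; disabled "#alert" rules still match and are kept
		}
		sid, _ := strconv.Atoi(sm[1])
		if _, ok := seen[sid]; ok {
			dups = append(dups, sid) // first definition wins; report the repeat
			continue
		}
		fields := []string{sm[1], mm[1]}
		for _, r := range refRe.FindAllStringSubmatch(line, -1) {
			fields = append(fields, strings.TrimSpace(r[1]))
		}
		seen[sid], sids = strings.Join(fields, " || "), append(sids, sid)
	}
	sort.Ints(sids)
	for _, s := range sids {
		lines = append(lines, seen[s])
	}
	return lines, dups
}

func main() {
	lines, dups := BuildSidmap(rulesA, rulesB)
	fmt.Printf("%s\nduplicate SIDs skipped: %v\n", strings.Join(lines, "\n"), dups)
}
```

Reviewing the reported duplicates before publishing a merged map matters because two rulesets reusing one SID would otherwise make alerts resolve to the wrong message.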