[Emerging-Sigs] sidmap generator

Tiago Faria tiago.faria.backups at gmail.com
Mon Feb 3 09:28:02 HST 2020


That's a very good idea Duane, thank you.

I'll look into using gonids and report back. Since this is going into a
Lambda function gonids seems like a very good fit!

On Mon, Feb 3, 2020 at 7:06 PM Duane Howard <duane.security at gmail.com>
wrote:

> You could write a small utility using the gonids[0] parsing library.
> Should roughly be something like:
> ```
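> package main
>
> import (
>   "fmt"
>   "log"
>   "strings"
>
>   "github.com/google/gonids"
> )
>
> func main() {
>   // Placeholder rule for illustration; in practice, loop over each line of the rules file.
>   rule := `alert tcp any any -> any any (msg:"Example rule"; content:"example"; reference:url,example.com; sid:1000001; rev:1;)`
>   r, err := gonids.ParseRule(rule)
>   if err != nil {
>     // Handle parse error
>     log.Fatalf("parse rule: %v", err)
>   }
>   // Build one sidmap line: SID || msg || type,value || ...
>   var msgmap []string
>   msgmap = append(msgmap, fmt.Sprintf("%d", r.SID))
>   msgmap = append(msgmap, r.Description)
>   for _, ref := range r.References {
>     msgmap = append(msgmap, fmt.Sprintf("%s,%s", ref.Type, ref.Value))
>   }
>   fmt.Println(strings.Join(msgmap, " || "))
> }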
> ```
>
> [0] https://github.com/google/gonids
>
> On Mon, Feb 3, 2020 at 10:27 AM Jason Williams <
> jwilliams at emergingthreats.net> wrote:
>
>> Tiago,
>>
>> create-sidmap.pl is part of the oinkmaster distribution, take a look
>> there
>>
>> http://oinkmaster.sourceforge.net/faq.shtml
>>
>> HTH,
>>
>> Jason
>>
>> On Mon, Feb 3, 2020 at 11:15 AM Tiago Faria <
>> tiago.faria.backups at gmail.com> wrote:
>>
>>> Hi list,
>>>
>>> I know this is a bit of a weird request but was wondering if the script
>>> that generates https://rules.emergingthreats.net/sidmap/ is available
>>> anywhere online? Looked on ET GH but couldn't find it.
>>>
>>> I would really like to create something similar for other rulesets (and
>>> even combine other rulesets and provide a general sidmap; easier for
>>> querying or feeding other systems) and the best I came up with 'while read
>>> -r line' is far from what it should be. :)
>>>
>>> Perfectly understand if the ET team can't share, just thought I'd ask :)
>>>
>>> Thank you!
>>> T
>>> _______________________________________________
>>> Emerging-sigs mailing list
>>> Emerging-sigs at lists.emergingthreats.net
>>> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>>>
>>> Support Emerging Threats! Subscribe to Emerging Threats Pro
>>> http://www.emergingthreats.net
>>>
>>
>>
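For the combined-ruleset sidmap asked about in this thread, a dependency-free Go example (added here; not code from any poster, gonids or oinkmaster) that splits rule options with quote and escape awareness, so a `sid:` inside a quoted `content` is not mistaken for the rule's SID, and reports SIDs defined more than once. The function names and sample rules are constructed for illustration, and keeping commented-out rules in the map is a choice of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// parseOptions maps option name -> values, splitting on ';' outside quotes and escapes.
func parseOptions(line string) map[string][]string {
	f, inQuote := map[string][]string{}, false
	start := strings.Index(line, "(") + 1 // 0 when the line has no option body
	for i := start; start > 0 && i < len(line); i++ {
		switch c := line[i]; {
		case c == '\\':
			i++ // skip the escaped character
		case c == '"':
			inQuote = !inQuote
		case c == ';' && !inQuote:
			k, v, _ := strings.Cut(line[start:i], ":")
			k, v = strings.TrimSpace(k), strings.TrimSpace(v)
			f[k] = append(f[k], strings.TrimSuffix(strings.TrimPrefix(v, `"`), `"`))
			start = i + 1
		}
	}
	return f
}

// buildSidmap emits "sid || msg || type,value" lines; SIDs defined again go to dups.
func buildSidmap(rules string) (lines, dups []string) {
	seen := map[string]bool{}
	for _, l := range strings.Split(rules, "\n") {
		f := parseOptions(l)
		if sid := f["sid"]; len(sid) > 0 && seen[sid[0]] {
			dups = append(dups, sid[0]) // first definition wins
		} else if len(sid) > 0 {
			seen[sid[0]] = true
			entry := append(append([]string{sid[0]}, f["msg"]...), f["reference"]...)
			lines = append(lines, strings.Join(entry, " || "))
		}
	}
	return lines, dups
}

func main() {
	// Constructed sample: two concatenated rulesets that both define SID 1000001.
	lines, dups := buildSidmap(`alert http any any -> any any (msg:"ET TEST escaped \; in msg"; content:"sid:7\; x"; reference:url,example.com/a; sid:1000001; rev:1;)
#alert tcp any any -> any any (msg:"ET TEST disabled rule"; sid:1000002; rev:2;)
alert udp any any -> any any (msg:"OTHER clash"; reference:url,example.org/b; sid:1000001; rev:1;)`)
	fmt.Printf("%s\nduplicate SIDs: %v\n", strings.Join(lines, "\n"), dups)
}
```

Escapes in `msg` are passed through unchanged, so a consumer that needs the unescaped text has to strip the backslashes itself.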