[Emerging-Sigs] sidmap generator

Tiago Faria tiago.faria.backups at gmail.com
Mon Feb 3 12:26:25 HST 2020

pulledpork is a bit overkill from what we're trying to do (while it's a
great feature if we actually wanted to run this on a sensor).

I didn't add a lot of context in my first post but the idea is to create a
sidmap that will feed another system. In our particular case we will use
the sidmap generated from a list of rulesets to populate a DynamoDB, so the
actual ruleset/rules isn't "valuable" for what we're trying to do.

Having a small program to create it based on a list of rulesets (just with
text processing), that we can have up and running on a AWS Lambda function,
is probably the least complex route for this particular project.

On Mon, Feb 3, 2020 at 10:11 PM Joel Esler (jesler) <jesler at cisco.com>

> Pulledpork will generate a Sid-msg.map for all rules that pulledpork
> ingests and updates for you automatically.
> On Feb 3, 2020, at 1:15 PM, Tiago Faria <tiago.faria.backups at gmail.com>
> wrote:
> Hi list,
> I know this is a bit of a weird request but was wondering if the script
> that generates https://rules.emergingthreats.net/sidmap/ is available
> anywhere online? Looked on ET GH but couldn't find it.
> I would really like to create something similar for other rulesets (and
> even combine other rulesets and provide a general sidmap; easier for
> querying or feeding other systems) and the best I came up with 'while read
> -r line' is far from what it should be. :)
> Perfectly understand if the ET team can't share, just thought I'd ask :)
> Thank you!
> T
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20200203/4044483d/attachment.html>

More information about the Emerging-sigs mailing list