[Emerging-Sigs] sidmap generator

Duane Howard duane.security at gmail.com
Thu Feb 6 21:02:51 HST 2020


In case you're still poking at this, Tiago, I got Suricata 5.0 support in
this evening. Seems to cover everything in the ET OPEN optimized set at
this time. Please file issues or PRs if you find bugs.

./d

On Mon, Feb 3, 2020 at 2:26 PM Tiago Faria <tiago.faria.backups at gmail.com>
wrote:

> pulledpork is a bit overkill for what we're trying to do (while it's a
> great feature if we actually wanted to run this on a sensor).
>
> I didn't add a lot of context in my first post but the idea is to create a
> sidmap that will feed another system. In our particular case we will use
> the sidmap generated from a list of rulesets to populate a DynamoDB, so the
> actual ruleset/rules isn't "valuable" for what we're trying to do.
>
> Having a small program to create it based on a list of rulesets (just with
> text processing), that we can have up and running on an AWS Lambda function,
> is probably the least complex route for this particular project.
>
> On Mon, Feb 3, 2020 at 10:11 PM Joel Esler (jesler) <jesler at cisco.com>
> wrote:
>
>> Pulledpork will generate a Sid-msg.map for all rules that pulledpork
>> ingests and updates for you automatically.
>>
>>
>>
>> On Feb 3, 2020, at 1:15 PM, Tiago Faria <tiago.faria.backups at gmail.com>
>> wrote:
>>
>> Hi list,
>>
>> I know this is a bit of a weird request but was wondering if the script
>> that generates https://rules.emergingthreats.net/sidmap/ is available
>> anywhere online? Looked on ET GH but couldn't find it.
>>
>> I would really like to create something similar for other rulesets (and
>> even combine other rulesets and provide a general sidmap; easier for
>> querying or feeding other systems) and the best I came up with 'while read
>> -r line' is far from what it should be. :)
>>
>> Perfectly understand if the ET team can't share, just thought I'd ask :)
>>
>> Thank you!
>> T
>> _______________________________________________
>> Emerging-sigs mailing list
>> Emerging-sigs at lists.emergingthreats.net
>> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>>
>> Support Emerging Threats! Subscribe to Emerging Threats Pro
>> http://www.emergingthreats.net
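
The kind of text-processing sidmap builder discussed in this thread, as an added example that is not code from the list, from the ET team or from the tool Duane mentions: it parses Suricata/Snort rule lines from several rulesets and emits `sid || msg || reference` lines in the classic sid-msg.map layout. The rules and SIDs are constructed samples, and the function names and the keep-highest-rev policy for duplicate SIDs are assumptions.

```python
import re

# Rule line: optional '#' (disabled rule), an action, header, then the options in parentheses.
RULE_RE = re.compile(r'^\s*(#\s*)?(alert|drop|pass|reject)\s+[^(]*\((.*)\)\s*$')
# One option: keyword, optional ':' and a value that may be quoted and hold escaped chars.
OPT_RE = re.compile(r'\s*([\w.-]+)\s*(?::\s*("(?:\\.|[^"\\])*"|(?:\\.|[^;\\])*))?\s*;')

def parse_rule(line):
    """Return a dict (sid, rev, msg, refs, enabled), or None if the line is not a rule."""
    m = RULE_RE.match(line)
    if not m:
        return None
    rule = {"enabled": m.group(1) is None, "rev": 0, "msg": "", "refs": []}
    for key, val in OPT_RE.findall(m.group(3)):
        val = val.strip()
        if key == "msg":  # assumes a quoted msg; drop the quotes, unescape \" \; \\
            rule["msg"] = re.sub(r'\\(.)', r'\1', val[1:-1])
        elif key in ("sid", "rev") and val.isdigit():
            rule[key] = int(val)
        elif key == "reference":
            rule["refs"].append(val.replace(" ", ""))
    return rule if "sid" in rule else None  # comments that look like rules have no sid

def build_sidmap(rulesets):
    """Merge rulesets (name -> text); on a SID clash keep the highest rev (assumed policy)."""
    sidmap = {}
    for name, text in rulesets.items():
        for line in text.splitlines():
            rule = parse_rule(line)
            if rule and (rule["sid"] not in sidmap or rule["rev"] > sidmap[rule["sid"]]["rev"]):
                sidmap[rule["sid"]] = dict(rule, source=name)
    return sidmap

def to_sid_msg_map(sidmap):
    """Render 'sid || msg || ref || ref' lines, sorted by SID."""
    return [" || ".join([str(sid), r["msg"], *r["refs"]]) for sid, r in sorted(sidmap.items())]

# Constructed sample rulesets (not real ET rules); the SIDs are placeholders.
RULESET_A = r'''
# comment line, ignored
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE Suspicious \"Agent\" UA\; v1"; http.user_agent; content:"agent"; reference:url,example.com/a; sid:9000001; rev:2;)
#alert dns $HOME_NET any -> any any (msg:"EXAMPLE Disabled DNS rule"; dns.query; content:"example.org"; sid:9000002; rev:1;)
'''
RULESET_B = r'''
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE Suspicious Agent UA (old)"; content:"agent"; http_user_agent; sid:9000001; rev:1;)
'''

if __name__ == "__main__":
    print("\n".join(to_sid_msg_map(build_sidmap({"a": RULESET_A, "b": RULESET_B}))))
```

Disabled (commented-out) rules are kept in the map with `enabled` set to false, so an alert for a SID that a sensor still has enabled locally can still be resolved to a message.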