[Emerging-Sigs] sidmap generator

Tiago Faria tiago.faria.backups at gmail.com
Fri Feb 7 07:57:05 HST 2020


Hey Duane,

Definitely am! That's good to know. Thank you for your help! I'll get back
to you soon.

On Fri, Feb 7, 2020 at 7:03 AM Duane Howard <duane.security at gmail.com>
wrote:

> In case you're still poking at this Tiago, I got Suricata 5.0 support in
> this evening. Seems to cover everything in the ET OPEN optimized set at
> this time. Please file issues or PRs if you find bugs.
>
> ./d
>
> On Mon, Feb 3, 2020 at 2:26 PM Tiago Faria <tiago.faria.backups at gmail.com>
> wrote:
>
>> pulledpork is a bit overkill from what we're trying to do (while it's a
>> great feature if we actually wanted to run this on a sensor).
>>
>> I didn't add a lot of context in my first post but the idea is to create
>> a sidmap that will feed another system. In our particular case we will use
>> the sidmap generated from a list of rulesets to populate a DynamoDB, so the
>> actual ruleset/rules isn't "valuable" for what we're trying to do.
>>
>> Having a small program to create it based on a list of rulesets (just
>> with text processing), that we can have up and running on an AWS Lambda
>> function, is probably the least complex route for this particular project.
>>
>> On Mon, Feb 3, 2020 at 10:11 PM Joel Esler (jesler) <jesler at cisco.com>
>> wrote:
>>
>>> Pulledpork will generate a Sid-msg.map for all rules that pulledpork
>>> ingests and updates for you automatically.
>>>
>>>
>>>
>>> On Feb 3, 2020, at 1:15 PM, Tiago Faria <tiago.faria.backups at gmail.com>
>>> wrote:
>>>
>>> Hi list,
>>>
>>> I know this is a bit of a weird request but was wondering if the script
>>> that generates https://rules.emergingthreats.net/sidmap/ is available
>>> anywhere online? Looked on ET GH but couldn't find it.
>>>
>>> I would really like to create something similar for other rulesets (and
>>> even combine other rulesets and provide a general sidmap; easier for
>>> querying or feeding other systems) and the best I came up with 'while read
>>> -r line' is far from what it should be. :)
>>>
>>> Perfectly understand if the ET team can't share, just thought I'd ask :)
>>>
>>> Thank you!
>>> T
>>> _______________________________________________
>>> Emerging-sigs mailing list
>>> Emerging-sigs at lists.emergingthreats.net
>>> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>>>
>>> Support Emerging Threats! Subscribe to Emerging Threats Pro
>>> http://www.emergingthreats.net
>>>
>>>
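What Tiago describes, a sidmap built from rule text alone, as an added Python example that is not the thread's own code nor Duane's sidmap generator: it parses a constructed sample ruleset (placeholder sids and messages, not real ET rules), skips disabled rules, unescapes the msg text, emits classic `sid || msg || ref` lines, and refuses to merge rulesets whose sids collide.

```python
"""Build a classic sid-msg.map (sid || msg || ref ...) from Suricata/Snort rule text."""
import re

SID_RE = re.compile(r'(?<![\w-])sid\s*:\s*(\d+)\s*;')
REV_RE = re.compile(r'(?<![\w-])rev\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"\s*;')
REF_RE = re.compile(r'\breference\s*:\s*([^;]+);')

# Constructed sample ruleset; sids and messages are placeholders, not real ET rules.
SAMPLE_RULES = '''
alert tcp $HOME_NET any -> $EXTERNAL_NET 6667 (msg:"EXAMPLE POLICY IRC connection"; flow:to_server,established; content:"NICK "; reference:url,example.com/9000001; classtype:policy-violation; sid:9000001; rev:3;)
alert http any any -> any any (msg:"EXAMPLE Suspicious \\"quoted\\" UA"; content:"evil"; http_user_agent; sid:9000002; rev:1;)
# alert tcp any any -> any any (msg:"EXAMPLE disabled rule"; sid:9000003; rev:1;)
'''


def parse_rule(line):
    """Return (sid, rev, msg, refs) for an active rule line, else None.
    Lines starting with '#' (disabled rules, comments) are skipped; escapes in msg are undone."""
    line = line.strip()
    if not line or line.startswith('#'):
        return None
    sid, msg = SID_RE.search(line), MSG_RE.search(line)
    if not sid or not msg:
        return None
    rev = REV_RE.search(line)
    text = re.sub(r'\\(.)', r'\1', msg.group(1))  # \" -> " and \; -> ;
    refs = [r.strip() for r in REF_RE.findall(line)]
    return int(sid.group(1)), int(rev.group(1)) if rev else 0, text, refs


def build_sidmap(rulesets):
    """Merge rule files (name -> text) into {sid: 'sid || msg || ref ...'}.
    A sid present in two different rulesets raises ValueError: a combined map
    with colliding sids would label alerts with the wrong msg."""
    owner, sidmap = {}, {}
    for name, text in rulesets.items():
        for line in text.splitlines():
            parsed = parse_rule(line)
            if parsed is None:
                continue
            sid, _rev, msg, refs = parsed
            if owner.setdefault(sid, name) != name:
                raise ValueError(f'sid {sid} defined in {owner[sid]} and {name}')
            sidmap[sid] = ' || '.join([str(sid), msg] + refs)
    return sidmap
```

Feed `build_sidmap` one entry per downloaded ruleset and write the dict values out line by line to get a single combined map; a rev bump within the same file simply overwrites the earlier entry.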