[Emerging-Sigs] sidmap generator
tiago.faria.backups at gmail.com
Fri Feb 7 07:57:05 HST 2020
Definitely am! That's good to know. Thank you for your help! I'll get back
to you soon.
On Fri, Feb 7, 2020 at 7:03 AM Duane Howard <duane.security at gmail.com>
> In case you're still poking at this Tiago, I got Suricata 5.0 support in
> this evening. Seems to cover everything in the ET OPEN optimized set at
> this time. Please file issues or PRs if you find bugs.
> On Mon, Feb 3, 2020 at 2:26 PM Tiago Faria <tiago.faria.backups at gmail.com>
>> pulledpork is a bit overkill from what we're trying to do (while it's a
>> great feature if we actually wanted to run this on a sensor).
>> I didn't add a lot of context in my first post but the idea is to create
>> a sidmap that will feed another system. In our particular case we will use
>> the sidmap generated from a list of rulesets to populate a DynamoDB, so the
>> actual ruleset/rules isn't "valuable" for what we're trying to do.
>> Having a small program to create it based on a list of rulesets (just
>> with text processing), that we can have up and running on an AWS Lambda
>> function, is probably the least complex route for this particular project.
>> On Mon, Feb 3, 2020 at 10:11 PM Joel Esler (jesler) <jesler at cisco.com>
>>> Pulledpork will generate a Sid-msg.map for all rules that pulledpork
>>> ingests and updates for you automatically.
>>> On Feb 3, 2020, at 1:15 PM, Tiago Faria <tiago.faria.backups at gmail.com>
>>> Hi list,
>>> I know this is a bit of a weird request but was wondering if the script
>>> that generates https://rules.emergingthreats.net/sidmap/ is available
>>> anywhere online? Looked on ET GH but couldn't find it.
>>> I would really like to create something similar for other rulesets (and
>>> even combine other rulesets and provide a general sidmap; easier for
>>> querying or feeding other systems) and the best I came up with 'while read
>>> -r line' is far from what it should be. :)
>>> Perfectly understand if the ET team can't share, just thought I'd ask :)
>>> Thank you!
>>> Emerging-sigs mailing list
>>> Emerging-sigs at lists.emergingthreats.net
>>> Support Emerging Threats! Subscribe to Emerging Threats Pro
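One way to do the text-processing sidmap generation Tiago describes, as an added example that is not code from this thread or from any project mentioned in it: it pulls `sid`, `msg` and `reference` out of Snort/Suricata rule lines, emits the classic `sid || msg || ref || ref` layout, and reports the same sid carrying different messages when several rulesets are combined, which matters once the map feeds a sid-keyed store. The sample rules and their sids are constructed placeholders.

```python
import re

# Rule options we need; msg is quoted and may contain \" or \; escapes.
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REF_RE = re.compile(r'\breference\s*:\s*([^;]+);')

def parse_rule(line, include_disabled=False):
    # Return (sid, msg, refs) for one rule line, or None if it is not a rule.
    line = line.strip()
    if line.startswith("#"):  # disabled rule or plain comment
        if not include_disabled:
            return None
        line = line.lstrip("#").strip()
    sid, msg = SID_RE.search(line), MSG_RE.search(line)
    if not sid or not msg:
        return None
    text = re.sub(r"\\(.)", r"\1", msg.group(1))  # unescape \" \; \\
    refs = [m.group(1).strip() for m in REF_RE.finditer(line)]
    return int(sid.group(1)), text, refs

def build_sidmap(sources, include_disabled=False):
    # Merge (name, ruleset_text) pairs into "sid || msg || ref || ref" lines.
    # Also returns collisions: one sid with different msgs across rulesets,
    # which a sid-keyed store (e.g. one DynamoDB item per sid) cannot hold.
    entries = {}
    collisions = []
    for name, text in sources:
        for raw in text.splitlines():
            parsed = parse_rule(raw, include_disabled)
            if parsed is None:
                continue
            sid, msg, refs = parsed
            if sid in entries and entries[sid][0] != msg:
                collisions.append((sid, entries[sid][2], name))  # first ruleset wins
                continue
            entries[sid] = (msg, refs, name)
    lines = [f"{sid} || {msg}" + "".join(f" || {r}" for r in refs)
             for sid, (msg, refs, _) in sorted(entries.items())]
    return lines, collisions

# Constructed sample rulesets (not real ET rules); sids are placeholders.
RULES_A = r'''# constructed ruleset A
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"SAMPLE HTTP \"quoted\" request"; flow:established,to_server; content:"GET"; reference:url,example.test/a; sid:9000001; rev:2;)
# alert udp any any -> any 53 (msg:"SAMPLE disabled rule"; sid:9000002; rev:1;)
'''
RULES_B = r'''alert tcp any any -> any 443 (msg:"SAMPLE TLS cert"; reference:cve,2000-0001; reference:url,example.test/b; sid:9000003; rev:1;)
alert tcp any any -> any 80 (msg:"SAMPLE same sid, different msg"; sid:9000001; rev:1;)
'''
```

Calling `build_sidmap([("A", RULES_A), ("B", RULES_B)])` yields two map lines plus one collision for sid 9000001; pass `include_disabled=True` to also map commented-out rules.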