Signatures
This repository is designed to provide a way to create and distribute detection signatures easily.
Get creative with your own detection solutions, completely unencumbered by license limitations.
To help combat evil, we firmly commit our work to the public domain for the greater good of the world. :tada:
Downloading Compiled Signatures
- Sign-in to GitHub
- Go-to actions
- Download the latest build from
masterbranch
Dependencies
sudo apt update
sudo apt install make parallel docker.io jq
sudo usermod -a -G docker $USER
sudo systemctl enable docker
sudo rebootBuilding Signatures
- All signatures will be stored in
build/ - Bump builds use an existing build but compile with the target version
- Multiple versions of anything can be supported!
- Use CI/CD to make it your own
Building Suricata Signatures
make suricata-docker version=suricata-6.0.5
make suricata-docker-build version=suricata-6.0.5Building YARA Signatures
make yara-docker version=yara-4.2.0
make yara-docker-build version=yara-4.2.0Building Sigma Signatures
make sigma-docker version=sigma-0.20
make sigma-docker-build version=sigma-0.20 threads=4Packaging Signatures
To package signatures use the following.
Package Targets
make package-targetsPackage All
make packageContributing
If you wish to submit your signatures to the repository please have a look at CONTRIBUTING.md for our style and contribution guidelines.