jakewarren / suricata-rule-generator

Quickly generate suricata rules for IOCs

suricata-rule-generator


Generate suricata rules for IOCs

Install

Option 1: Binary

Download the latest release from https://github.com/jakewarren/suricata-rule-generator/releases/latest

Option 2: From source

go get github.com/jakewarren/suricata-rule-generator

Usage

As a library

package main

import (
    "fmt"
    "log"

    "github.com/jakewarren/suricata-rule-generator/generator"
)

func main() {
    // Zero-value options: the resulting rule carries sid:0 and no classtype
    // (see the output below), so set real options before deploying the rule,
    // since Suricata requires a unique sid per rule.
    o := generator.RuleOpts{}

    rule, err := o.GenerateDNSQueryRule("github.com")
    if err != nil {
        log.Fatal(err)
    }
    fmt.Println(rule.String())
    // Output: alert dns any any -> any any (msg:"DNS Query for github.com"; dns_query; content:"github.com"; nocase; metadata:created_at 2019_05_15, updated_at 2019_05_15; sid:0; rev:1;)
}

Using the command line tool

❯ suricata-rule-generator dns-query github.com
alert dns any any -> any any (msg:"DNS Query for github.com"; dns_query; content:"github.com"; nocase; metadata:created_at 2019_05_15, updated_at 2019_05_15; classtype:trojan-activity; sid:1234; rev:1;)

Supported Generators

CLI option    Function                   Description
dns-query     GenerateDNSQueryRule()     Generates a rule that alerts on a DNS query for the specified domain
ip-traffic    GenerateIPTrafficRule()    Generates rules that alert on inbound/outbound traffic to or from one or more IPs/CIDRs
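The following is an added, self-contained example (it is not the generator package's own code and does not use its API) showing what both generators in the table above have to get right when turning an IOC into a Suricata rule: the exact option layout from the CLI output in the Usage section, a unique sid per emitted rule, escaping of the characters Suricata does not allow unescaped inside content:"..." and msg:"..." strings, and validation of the domain and IP/CIDR inputs. The RuleGen type, its field names, the use of $HOME_NET and the `alert ip` protocol for the IP rules, and the sample IOCs in main() are all this example's own assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
	"time"
)

// RuleGen emits Suricata rules for IOCs with a unique, incrementing sid.
// Added example only: it mirrors the README's output format but is not the
// generator package's real API; field names and defaults are assumptions.
type RuleGen struct {
	NextSID   int    // sid handed to the next rule; every rule needs a distinct sid
	Classtype string // classtype keyword, e.g. "trojan-activity"
	Date      string // metadata date as YYYY_MM_DD; empty means today (UTC)
}

// escapeContent escapes the characters Suricata requires escaped inside a
// content:"..." or msg:"..." string: backslash, semicolon, double quote, and
// the pipe that would otherwise open a hex block.
func escapeContent(s string) string {
	// NewReplacer makes a single pass, so inserted backslashes are not re-escaped.
	return strings.NewReplacer(`\`, `\\`, `;`, `\;`, `"`, `\"`, `|`, `\|`).Replace(s)
}

func (g *RuleGen) date() string {
	if g.Date == "" {
		return time.Now().UTC().Format("2006_01_02")
	}
	return g.Date
}

// options renders the parenthesised option list and consumes one sid.
func (g *RuleGen) options(msg string, keywords ...string) string {
	d := g.date()
	sid := g.NextSID
	g.NextSID++
	parts := append([]string{fmt.Sprintf(`msg:"%s";`, escapeContent(msg))}, keywords...)
	parts = append(parts,
		fmt.Sprintf("metadata:created_at %s, updated_at %s;", d, d),
		fmt.Sprintf("classtype:%s;", g.Classtype),
		fmt.Sprintf("sid:%d; rev:1;", sid))
	return "(" + strings.Join(parts, " ") + ")"
}

// DNSQueryRule alerts on any DNS query for domain, in the same layout as the
// dns-query CLI output in the README. Note that a bare content match is a
// substring match: "github.com" also fires on "github.com.example.net".
func (g *RuleGen) DNSQueryRule(domain string) (string, error) {
	domain = strings.ToLower(strings.TrimSpace(domain))
	if domain == "" || strings.ContainsAny(domain, " \t\r\n") || strings.Trim(domain, ".") == "" {
		return "", errors.New("invalid domain")
	}
	content := fmt.Sprintf(`content:"%s";`, escapeContent(domain))
	return "alert dns any any -> any any " + g.options("DNS Query for "+domain, "dns_query;", content, "nocase;"), nil
}

// IPTrafficRules returns one outbound and one inbound rule for a set of IPs
// and/or CIDRs, grouped into a single Suricata address list. Using $HOME_NET
// and the "ip" protocol is this example's choice, not the project's.
func (g *RuleGen) IPTrafficRules(addrs []string) ([]string, error) {
	if len(addrs) == 0 {
		return nil, errors.New("no addresses given")
	}
	norm := make([]string, 0, len(addrs))
	for _, a := range addrs {
		a = strings.TrimSpace(a)
		if _, ipnet, err := net.ParseCIDR(a); err == nil {
			norm = append(norm, ipnet.String()) // canonical network address
		} else if ip := net.ParseIP(a); ip != nil {
			norm = append(norm, ip.String())
		} else {
			return nil, fmt.Errorf("invalid IP or CIDR: %q", a)
		}
	}
	group := "[" + strings.Join(norm, ",") + "]"
	label := strings.Join(norm, " ")
	out := "alert ip $HOME_NET any -> " + group + " any " + g.options("Outbound traffic to "+label)
	in := "alert ip " + group + " any -> $HOME_NET any " + g.options("Inbound traffic from "+label)
	return []string{out, in}, nil
}

func main() {
	g := &RuleGen{NextSID: 1234, Classtype: "trojan-activity", Date: "2019_05_15"}
	rule, err := g.DNSQueryRule("github.com")
	if err != nil {
		panic(err)
	}
	fmt.Println(rule)
	// Constructed sample IOCs (documentation ranges), not real indicators.
	rules, err := g.IPTrafficRules([]string{"203.0.113.5", "198.51.100.7/24"})
	if err != nil {
		panic(err)
	}
	for _, r := range rules {
		fmt.Println(r)
	}
}
```

Two practical notes. First, the sid counter lives in RuleGen so that a batch of IOCs never produces two rules with the same sid; pick a starting value in a range reserved for local rules and persist it between runs. Second, `dns_query` is the keyword spelling shown on this page; Suricata 5 and later also accept `dns.query` for the same buffer, and if an exact-domain match is wanted rather than a substring match, anchor the content (for example with the `endswith` modifier available in those versions) before deploying.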

License

MIT © 2019 Jake Warren