jasonish / py-idstools

idstools: Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool)

Feature Request: Suricata version override for rulecat? #38

Closed valorcz closed 7 years ago

valorcz commented 7 years ago

I am merging Suricata ET rules on a server where the Suricata daemon is not present, but I know which version of it runs on the boxes. However, rulecat doesn't use the '-enhanced' ruleset in such a case; it goes with '-1.3' only.

Would it be possible to add an option with Suricata version override? Or just an option instructing rulecat to download and use the enhanced ruleset?

jasonish commented 7 years ago

For now you could specify the URL with the --url parameter; that will override the default URL used, which does take the Suricata version into account.

valorcz commented 7 years ago

Great point, thanks!

jasonish commented 7 years ago

There is now a "--suricata-version " command line argument to idstools-rulecat.

Commit: https://github.com/jasonish/py-idstools/commit/02db0c62133efc47ed793434b4180d452e8b6980

Included in idstools v0.5.6.