README
¶
suricata-rule-generator
Generate suricata rules for IOCs
Install
Option 1: Binary
Download the latest release from https://github.com/jakewarren/suricata-rule-generator/releases/latest
Option 2: From source
go get github.com/jakewarren/suricata-rule-generator
Usage
As a library
package main
import (
"fmt"
"github.com/jakewarren/suricata-rule-generator/generator"
)
func main() {
o := generator.RuleOpts{}
rule, _ := o.GenerateDNSQueryRule("github.com")
fmt.Println(rule.String())
//Output: alert dns any any -> any any (msg:"DNS Query for github.com"; dns_query; content:"github.com"; nocase; metadata:created_at 2019_05_15, updated_at 2019_05_15; sid:0; rev:1;)
}
Using the command line tool
❯ suricata-rule-generator dns-query github.com
alert dns any any -> any any (msg:"DNS Query for github.com"; dns_query; content:"github.com"; nocase; metadata:created_at 2019_05_15, updated_at 2019_05_15; classtype:trojan-activity; sid:1234; rev:1;)
Supported Generators
| CLI option | Function | Description |
|---|---|---|
| dns-query | GenerateDNSQueryRule() | Generates rule that alerts on a DNS query for the specified domain |
| ip-traffic | GenerateIPTrafficRule() | Generates rules that alerts on inbound/outbound traffic from a IP/CIDR (s) |
License
MIT © 2019 Jake Warren
Documentation
¶
There is no documentation for this package.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.