Generate Suricata rules for IOCs.

Download the latest release from https://github.com/jakewarren/suricata-rule-generator/releases/latest, or install from source:

```shell
go get github.com/jakewarren/suricata-rule-generator
```

Library usage:
```go
package main

import (
	"fmt"
	"log"

	"github.com/jakewarren/suricata-rule-generator/generator"
)

func main() {
	// Default options: no sid or classtype is set, so the rendered rule carries
	// sid:0. Assign a unique sid before loading the rule into Suricata.
	o := generator.RuleOpts{}
	rule, err := o.GenerateDNSQueryRule("github.com")
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(rule.String())
	// Output: alert dns any any -> any any (msg:"DNS Query for github.com"; dns_query; content:"github.com"; nocase; metadata:created_at 2019_05_15, updated_at 2019_05_15; sid:0; rev:1;)
}
```

CLI usage:
```shell
❯ suricata-rule-generator dns-query github.com
alert dns any any -> any any (msg:"DNS Query for github.com"; dns_query; content:"github.com"; nocase; metadata:created_at 2019_05_15, updated_at 2019_05_15; classtype:trojan-activity; sid:1234; rev:1;)
```
CLI option | Function | Description
---|---|---
dns-query | GenerateDNSQueryRule() | Generates a rule that alerts on a DNS query for the specified domain
ip-traffic | GenerateIPTrafficRule() | Generates rules that alert on inbound/outbound traffic to or from one or more IP addresses or CIDR ranges
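The library call above renders one rule per invocation and leaves the sid at 0, while the CLI output shows a rule with a real sid and classtype. The following is an added, stand-alone Go example (not part of the suricata-rule-generator project, and not using its API) that shows what a feed-to-ruleset wrapper around such a generator has to take care of: validate each IOC domain against a hostname allowlist before it is placed inside `content:"..."` and `msg:"..."`, so that a malformed or hostile feed entry containing `;` or `"` cannot end the match early and change the rule, deduplicate case-insensitively, and hand out unique sequential sids. The `DNSQueryRule`, `DNSQueryRules` and `hostnameRE` names, the sid range and the feed contents are all constructed for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"time"
)

// hostnameRE is a conservative allowlist for IOC domains: dot-separated labels
// of letters, digits and hyphens, at most 63 characters each. Anything else is
// rejected rather than escaped, because a feed entry containing `;` or `"`
// would otherwise terminate the content match and rewrite the rest of the rule.
var hostnameRE = regexp.MustCompile(`(?i)^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)+$`)

// DNSQueryRule renders one dns_query rule in the same shape as the README's
// CLI output, with the sid and classtype supplied by the caller (constructed
// helper, not the library's function).
func DNSQueryRule(domain string, sid int, classtype string, created time.Time) (string, error) {
	domain = strings.TrimSuffix(strings.TrimSpace(domain), ".")
	if !hostnameRE.MatchString(domain) {
		return "", fmt.Errorf("refusing to build rule: %q is not a plain hostname", domain)
	}
	date := created.Format("2006_01_02")
	return fmt.Sprintf(
		`alert dns any any -> any any (msg:"DNS Query for %s"; dns_query; content:"%s"; nocase; metadata:created_at %s, updated_at %s; classtype:%s; sid:%d; rev:1;)`,
		domain, domain, date, date, classtype, sid), nil
}

// DNSQueryRules turns an IOC list into a rule set with unique, sequential sids
// starting at baseSID. Duplicate domains (case-insensitive, trailing dot
// ignored) produce a single rule; invalid entries are reported, not emitted.
func DNSQueryRules(domains []string, baseSID int, classtype string, created time.Time) ([]string, []error) {
	var rules []string
	var errs []error
	seen := map[string]bool{}
	sid := baseSID
	for _, d := range domains {
		key := strings.ToLower(strings.TrimSuffix(strings.TrimSpace(d), "."))
		if seen[key] {
			continue
		}
		r, err := DNSQueryRule(d, sid, classtype, created)
		if err != nil {
			errs = append(errs, err)
			continue
		}
		seen[key] = true
		rules = append(rules, r)
		sid++
	}
	return rules, errs
}

func main() {
	// Constructed IOC feed: two valid entries, one duplicate differing only in
	// case and trailing dot, and one malformed entry carrying rule syntax.
	feed := []string{"github.com", "example.net.", "GitHub.com", `bad.example"; sid:1;`}
	created := time.Date(2019, 5, 15, 0, 0, 0, 0, time.UTC)
	rules, errs := DNSQueryRules(feed, 1000001, "trojan-activity", created)
	for _, r := range rules {
		fmt.Println(r)
	}
	for _, e := range errs {
		fmt.Println("skipped:", e)
	}
}
```

Rejecting rather than escaping keeps the generated rule text reviewable: every `content:` value is guaranteed to be a hostname, and the skipped entries show up as errors that can be fed back to whoever curates the IOC list.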
MIT © 2019 Jake Warren