Skip to content

jakewarren/suricata-rule-generator

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

suricata-rule-generator

Build Status GoDoc MIT License Go Report Card PRs Welcome

Generate suricata rules for IOCs

Install

Option 1: Binary

Download the latest release from https://github.com/jakewarren/suricata-rule-generator/releases/latest

Option 2: From source

go get github.com/jakewarren/suricata-rule-generator

Usage

As a library

package main

import (
	"fmt"

	"github.com/jakewarren/suricata-rule-generator/generator"
)

func main() {
	o := generator.RuleOpts{}

	rule, _ := o.GenerateDNSQueryRule("github.com")
	fmt.Println(rule.String())
	//Output: alert dns any any -> any any (msg:"DNS Query for github.com"; dns_query; content:"github.com"; nocase; metadata:created_at 2019_05_15, updated_at 2019_05_15; sid:0; rev:1;)
}

Using the command line tool

❯ suricata-rule-generator dns-query github.com
alert dns any any -> any any (msg:"DNS Query for github.com"; dns_query; content:"github.com"; nocase; metadata:created_at 2019_05_15, updated_at 2019_05_15; classtype:trojan-activity; sid:1234; rev:1;)

Supported Generators

CLI option Function Description
dns-query GenerateDNSQueryRule() Generates rule that alerts on a DNS query for the specified domain
ip-traffic GenerateIPTrafficRule() Generates rules that alerts on inbound/outbound traffic from a IP/CIDR (s)

License

MIT © 2019 Jake Warren