This is the Git repository for the Sagan engine rule sets. You probably won't find these useful unless you're actually using Sagan! For more information, check out the Sagan main web site at:
https://quadrantsec.com/sagan_log_analysis_engine/
Github related site:
http://github.com/quadrantsec/sagan
Sagan is an open source (GNU/GPLv2) high performance, real-time log analysis & correlation engine. It is written in C and uses a multi-threaded architecture to deliver high performance log & event analysis. The Sagan structure and Sagan rules work similarly to the Sourcefire "Snort" and "Suricata" IDS engine. This was intentionally done to maintain compatibility with rule management software (oinkmaster/pulledpork/etc) and allows Sagan to correlate log events with your Suricata/Snort IDS/IPS systems.
For more information, please visit the Sagan web site: http://sagan.readthedocs.org and http://sagan.quadrantsec.com .