raw-data/pymisp-suricata_search
Description

Get all attributes from a MISP (https://github.com/MISP) instance that can be converted into Suricata rules, given a search parameter (tags or categories) and a term to search for.

requires

Usage

  • suricata_search.py -p tags -s 'APT' -o misp_ids.rules -t 5

    • search for 'APT' tag
    • use 5 threads while generating IDS rules
    • dump results to misp_ids.rules
  • suricata_search.py -p tags -s 'APT' -o misp_ids.rules -ne 411 357 343

    • same as above, but skip attributes from events with IDs 411, 357 and 343
  • suricata_search.py -p tags -s 'circl:incident-classification="malware", tlp:green' -o misp_ids.rules

    • search for multiple tags 'circl:incident-classification="malware", tlp:green'
  • suricata_search.py -p categories -s 'Artifacts dropped' -t 20 -o artifacts_dropped.rules

    • search for category 'Artifacts dropped'
    • use 20 threads while generating IDS rules
    • dump results to artifacts_dropped.rules
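The usage above describes three steps: fetch matching attributes from MISP, drop the events listed with -ne, and turn the remainder into Suricata rules on -t worker threads before writing them to a file. The script below is an added example, not the project's own code, that walks through those steps offline. It uses a constructed list of attributes shaped like PyMISP's attribute search output (a real run would fetch them with PyMISP using the URL and key from keys.py), a made-up MISP_URL and starting SID, and its own simplified rule templates rather than MISP's Suricata export. It also shows the check a rule generator needs: attribute values are untrusted data, so IPs are validated before landing in the rule header and content strings are escaped so a value containing `"` or `;` cannot terminate the rule early.

```python
"""Added example: convert MISP attributes to Suricata rules with a thread pool
and an event-ID exclusion list (mirrors the README's -t / -ne options)."""
import ipaddress
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, List, Optional
from urllib.parse import urlsplit

MISP_URL = "https://misp.example"  # assumed; the real value lives in keys.py
SID_BASE = 3000000                 # assumed starting SID for generated rules

# Constructed sample, shaped like PyMISP's search(controller='attributes') output.
SAMPLE_ATTRIBUTES: List[Dict] = [
    {"id": "1", "event_id": "343", "type": "ip-dst", "value": "198.51.100.7", "to_ids": True},
    {"id": "2", "event_id": "500", "type": "domain", "value": "evil.example", "to_ids": True},
    {"id": "3", "event_id": "500", "type": "url", "value": "http://evil.example/a.php", "to_ids": True},
    {"id": "4", "event_id": "500", "type": "domain", "value": 'bad";drop', "to_ids": True},
    {"id": "5", "event_id": "500", "type": "md5", "value": "d41d8cd98f00b204e9800998ecf8427e", "to_ids": True},
    {"id": "6", "event_id": "411", "type": "ip-dst", "value": "203.0.113.9", "to_ids": False},
    {"id": "7", "event_id": "411", "type": "ip-src", "value": "203.0.113.0/24", "to_ids": True},
]


def suricata_escape(value: str) -> str:
    """Escape a value for a Suricata content:"..." keyword; reject control chars."""
    if "\n" in value or "\r" in value:
        raise ValueError("control characters are not allowed in rule content")
    value = value.replace("\\", "\\\\").replace('"', '\\"').replace(";", "\\;")
    return value.replace("|", "|7C|")  # '|' delimits hex in content, so hex-encode it


def attribute_to_rule(attr: Dict, sid: int, misp_url: str = MISP_URL) -> Optional[str]:
    """Return one Suricata rule for a supported attribute type, else None."""
    atype, value, eid = attr["type"], attr["value"], attr["event_id"]
    safe = suricata_escape(value)
    msg = f'msg:"MISP e{eid} {atype}: {safe}"'
    tail = (f"classtype:trojan-activity; sid:{sid}; rev:1; priority:3; "
            f"reference:url,{misp_url}/events/view/{eid};")
    if atype in ("ip-dst", "ip-src"):
        # The header is not a quoted string: validate instead of escaping.
        net = ipaddress.ip_network(value, strict=False)  # ValueError on junk
        addr = str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net)
        hdr = f"$HOME_NET any -> {addr} any" if atype == "ip-dst" else f"{addr} any -> $HOME_NET any"
        return f"alert ip {hdr} ({msg}; {tail})"
    if atype in ("domain", "hostname"):
        return (f"alert dns any any -> any any ({msg}; dns.query; "
                f'content:"{safe}"; nocase; isdataat:!1,relative; {tail})')
    if atype == "url":
        parts = urlsplit(value if "://" in value else "http://" + value)
        if not parts.hostname:
            return None
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        return (f"alert http any any -> any any ({msg}; flow:to_server,established; "
                f'http.host; content:"{suricata_escape(parts.hostname)}"; nocase; '
                f'http.uri; content:"{suricata_escape(path)}"; {tail})')
    return None  # e.g. file hashes: not expressible as a plain network rule here


def generate_rules(attributes: Iterable[Dict], threads: int = 5,
                   exclude_events: Iterable = (), misp_url: str = MISP_URL) -> List[str]:
    """Filter attributes (to_ids, -ne list) and convert them on a thread pool."""
    excluded = {str(e) for e in exclude_events}
    wanted = [a for a in attributes if a.get("to_ids") and str(a["event_id"]) not in excluded]
    # SIDs are assigned up front so they do not depend on thread scheduling.
    jobs = [(attr, SID_BASE + i) for i, attr in enumerate(wanted)]
    with ThreadPoolExecutor(max_workers=threads) as pool:
        results = pool.map(lambda job: attribute_to_rule(job[0], job[1], misp_url), jobs)
    return [r for r in results if r is not None]


def write_rules(path: str, rules: List[str]) -> int:
    """Dump rules one per line (the -o file); return the number written."""
    with open(path, "w", encoding="utf-8") as fh:
        for rule in rules:
            fh.write(rule + "\n")
    return len(rules)


if __name__ == "__main__":
    for rule in generate_rules(SAMPLE_ATTRIBUTES, threads=5, exclude_events=[411, 343]):
        print(rule)
```

Rules keep the order of the input attributes because `ThreadPoolExecutor.map` preserves it, so SIDs are reproducible between runs; the md5 attribute is silently dropped, matching the description's "attributes that can be converted".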

Conf

  • rename keys.py.sample to keys.py
  • set appropriate values for:
    • misp_url
    • misp_key
  • keys.py holds your MISP API key: keep it out of version control and use a key with read-only permissions, since the script only needs to search

Screenshots

python3 suricata_search.py -p tags -s 'APT' -o misp_ids.rules -t 5

[screenshot: suricata_search_tag]

python3 suricata_search.py -p tags -s 'APT, tlp:green' -o misp_ids.rules -t 5

[screenshot: suricata_search_tag_x2]

About

Multi-threaded Suricata search module for MISP
