SNORT rules Advanced Parser for pulledpork

Lone Hacker in Wharehouse by Brian Klug

Security Onion is an Ubuntu-based distribution built to handle a wide range of network security monitoring tasks.

One of the security tools it installs is Snort, one of the most widely used open source Intrusion Detection Systems (IDS). Security Onion uses pulledpork to download the IDS rule sets and process them into the rules file the sensor loads.

I wrote a Perl script to make advanced modifications to the Snort rules that pulledpork downloads. The script transforms rules selected by regular expression and can apply multiple substitution patterns to each matching rule.
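To make the idea concrete, here is an added illustration of the same technique in Python; it is not the Perl script from the repository and shares no code with it. A transform is a match regex plus an ordered list of (pattern, replacement) substitutions, optionally followed by commenting the rule out, and transforms are applied in order so a later one sees the output of an earlier one. The rule lines, sids (local 1000000+ range) and transforms are constructed for the example, and the `sanity_check` at the end is the check worth running after any automated rewrite: no sid lost or duplicated, and every active line still parses as a rule.

```python
"""Regex-driven rewriting of a downloaded Snort rules file.
Added illustration, not the author's Perl script; all rules below are constructed."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple, Union

# Rule header: action proto src sport dir dst dport, then the option block in parentheses.
RULE_RE = re.compile(
    r'^(alert|log|pass|drop|reject|sdrop)\s+\S+\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+\s+\(.*\)\s*$'
)
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

Replacement = Union[str, Callable]  # plain string or a callable, as re.sub accepts


@dataclass
class Transform:
    name: str
    match: str                                  # rule is rewritten only if this regex matches it
    subs: Tuple[Tuple[str, Replacement], ...]   # (pattern, replacement) pairs applied in order
    disable: bool = False                       # comment the rule out after the substitutions


def apply_transforms(rule: str, transforms: List[Transform]) -> Tuple[str, List[str]]:
    """Apply every transform whose match regex hits; later transforms see earlier results."""
    applied = []
    for t in transforms:
        if not re.search(t.match, rule):
            continue
        for pattern, repl in t.subs:
            rule = re.sub(pattern, repl, rule)
        if t.disable and not rule.lstrip().startswith('#'):
            rule = '# ' + rule
        applied.append(t.name)
    return rule, applied


def process_rules(text: str, transforms: List[Transform]) -> Tuple[str, Dict[int, List[str]]]:
    """Rewrite a rules file; comments, blank lines and already-disabled rules pass through untouched.
    Returns the new text and a report of sid -> transforms applied."""
    out, report = [], {}
    for line in text.splitlines():
        if RULE_RE.match(line):
            new_line, applied = apply_transforms(line, transforms)
            if applied:
                sid = SID_RE.search(new_line)
                report[int(sid.group(1)) if sid else -1] = applied
            out.append(new_line)
        else:
            out.append(line)
    return '\n'.join(out) + '\n', report


def sanity_check(original: str, transformed: str) -> List[str]:
    """Post-rewrite check: sid set unchanged, and every active line is still a parseable rule."""
    problems = []
    before = sorted(int(s) for s in SID_RE.findall(original))
    after = sorted(int(s) for s in SID_RE.findall(transformed))
    if before != after:
        problems.append(f'sid set changed: {before} -> {after}')
    for n, line in enumerate(transformed.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith('#') and not RULE_RE.match(line):
            problems.append(f'line {n} no longer parses as a rule: {line[:60]}')
    return problems


# Constructed sample of a downloaded rules file (not real ET/VRT rules; sids in the local range).
SAMPLE_RULES = """\
# constructed sample rules
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE SCAN SSH brute force"; flow:to_server; flags:S; threshold:type both, track by_src, count 5, seconds 60; classtype:attempted-recon; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"EXAMPLE POLICY outbound cleartext HTTP"; flow:to_server,established; content:"GET "; depth:4; classtype:policy-violation; sid:1000002; rev:2;)
# alert udp any any -> any 53 (msg:"EXAMPLE DNS already disabled upstream"; sid:1000003; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"EXAMPLE EXPLOIT RDP anomaly"; flow:to_server,established; classtype:attempted-admin; sid:1000004; rev:3;)
"""

TRANSFORMS = [
    # Noisy POLICY rules are kept but pushed to the lowest priority.
    Transform('demote-policy', r'msg:"[^"]*\bPOLICY\b',
              ((r'classtype:policy-violation;', 'classtype:policy-violation; priority:4;'),)),
    # Inline sensor: inbound hits on admin ports are dropped rather than only logged, and the
    # rule is raised to priority 1 (two substitutions for one match).
    Transform('drop-inbound-admin', r'^alert tcp \$EXTERNAL_NET any -> \$HOME_NET (22|3389) ',
              ((r'^alert\b', 'drop'), (r'\)\s*$', ' priority:1;)'))),
    # Recon rules are disabled entirely; this runs after the transform above, so it sees "drop".
    Transform('disable-recon', r'classtype:attempted-recon;', (), disable=True),
]

if __name__ == '__main__':
    rewritten, report = process_rules(SAMPLE_RULES, TRANSFORMS)
    print(rewritten)
    for sid, names in sorted(report.items()):
        print(f'sid {sid}: {", ".join(names)}')
    for problem in sanity_check(SAMPLE_RULES, rewritten):
        print('PROBLEM:', problem)
```

Two practical points for anything that rewrites pulledpork output: pulledpork regenerates its rules file on every run, so the transformation has to be re-applied after each update rather than once; and after rewriting, load the result with `snort -T` against the sensor's configuration before restarting the sensor, since a single malformed option block stops Snort from starting.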

The source code is available in the snort-rules-customization repository on my personal GitHub account, and the package can be downloaded directly from GitHub.

The README file details

I hope someone else finds it as useful as I did.

Enjoy
@merlos
