SNORT rules Advanced Parser for pulledpork

merlos Linux, Security, SOC 22/11/201525/07/2017

Security Onion is an Ubuntu based distribution created to handle a lot of Security task.

One of the security tool installed is SNORT, the best open source Intrusion Detection System (IDS). Security Onion use Pulledpork to get IDS rules and process them.

I wrote a perl script to make advanced modification to the downloaded SNORT rules. This script can handle rule transformation based on regular expression and multiple substitution patterns.

Source code is available on my personal github in snort-rules-customization repository and the package can be downloaded directly from github.

The README file details

Hope someone else find it useful as I did.

Enjoy
@merlos

Published by merlos

Founder and president of Cyber Saiyan - www.cybersaiyan.it - a no profit organization founded to promote social initiatives to spread cyber security and ethical hacking culture; Cyber Saiyan organizes RomHack Conference and Camp romhack.camp View all posts by merlos

Published 22/11/201525/07/2017

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this:

Share this:

Like this:

Related

Published by merlos

Leave a Reply Cancel reply