OISF / Suricata Update

Licence: gpl-2.0
Suricata-Update

The tool for updating your Suricata rules.

Installation

pip install --upgrade suricata-update

Documentation

https://suricata-update.readthedocs.io/en/latest/

Issues

https://redmine.openinfosecfoundation.org/projects/suricata-update

Example Usage

suricata-update

The default invocation of suricata-update will perform the following:

  • Read the configuration, /etc/suricata/update.yaml, if it exists.

  • Read in the rule filter configuration files:

    • /etc/suricata/disable.conf
    • /etc/suricata/enable.conf
    • /etc/suricata/drop.conf
    • /etc/suricata/modify.conf
  • Download the best version of the Emerging Threats Open ruleset for the version of Suricata found.

  • Read in the rule files provided with the Suricata distribution from /etc/suricata/rules.

  • Apply disable, enable, drop and modify filters.

  • Resolve flowbits.

  • Write the rules to /var/lib/suricata/rules/suricata.rules.

If you are not yet ready to use /var/lib/suricata/rules then you may be interested in the `--output <http://suricata-update.readthedocs.io/en/latest/#cmdoption-o>`_ and `--no-merge <http://suricata-update.readthedocs.io/en/latest/#cmdoption-o>`_ command line options.
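The filter and flowbit stages in the list above, as an added Python illustration (this is example code written for this page, not suricata-update's own implementation). It parses a constructed sample rule set and constructed disable/enable/drop/modify filter files in the per-line formats the tool reads for SIDs and regexes (a bare SID or ``re:<regex>``; ``<sid> "<regex>" "<replacement>"`` for modify; other filter forms the tool accepts are not handled here), applies them in the order listed, re-enables any disabled rule that sets a flowbit an enabled rule tests, and renders the merged single-file output. The function names, the EXAMPLE signatures, the SIDs in the 9000000 range and the flowbit name EX.dns.seen are all made up for the example.

```python
import re

# Constructed sample rule set standing in for a downloaded ruleset plus the rules
# shipped in /etc/suricata/rules. Illustrative signatures only, not real ones.
SAMPLE_RULES = """\
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE Suspicious User-Agent"; http.user_agent; content:"evil-agent"; sid:9000001; rev:1;)
# alert dns $HOME_NET any -> any 53 (msg:"EXAMPLE DNS Lookup Sets Flowbit"; dns.query; content:"example.invalid"; flowbits:set,EX.dns.seen; flowbits:noalert; sid:9000002; rev:1;)
alert tls $HOME_NET any -> $EXTERNAL_NET 443 (msg:"EXAMPLE TLS After Flagged DNS"; flowbits:isset,EX.dns.seen; sid:9000003; rev:1;)
alert tcp any any -> $HOME_NET 22 (msg:"EXAMPLE Noisy SSH SYN"; flags:S; sid:9000004; rev:1;)
# alert tcp any any -> any any (msg:"EXAMPLE Disabled Upstream"; sid:9000005; rev:1;)
alert tcp any any -> any any (msg:"EXAMPLE Deprecated Policy Rule"; sid:9000006; rev:1;)
"""

# Constructed filter files: disable/enable/drop take a SID or re:<regex> per line;
# modify takes  <sid> "<regex>" "<replacement>"  applied to the whole rule line.
DISABLE_CONF = "re:Deprecated\n"
ENABLE_CONF = "9000005\n"
DROP_CONF = "9000001\n"
MODIFY_CONF = '9000004 "sid:9000004;" "threshold:type limit,track by_src,count 1,seconds 60; sid:9000004;"\n'

RULE_RE = re.compile(r"^(?P<off>#\s*)?(?P<text>(?:alert|drop|pass|reject)\s.*)$")
SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")
FLOWBITS_RE = re.compile(r"flowbits:\s*(\w+)\s*,\s*([^;]+);")
MODIFY_RE = re.compile(r'^(\d+)\s+"((?:[^"\\]|\\.)*)"\s+"((?:[^"\\]|\\.)*)"$')

def parse_rules(text):
    """One dict per rule line; a leading '#' means the rule is disabled."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        sid = SID_RE.search(m.group("text")) if m else None
        if sid:  # skips blank lines, plain comments and rules without a sid
            rules.append({"sid": int(sid.group(1)), "enabled": m.group("off") is None,
                          "text": m.group("text")})
    return rules

def parse_filters(text):
    """disable/enable/drop style filters: bare SIDs or re:<regex> (case-insensitive)."""
    sids, regexes = set(), []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("re:"):
            regexes.append(re.compile(line[3:].strip(), re.IGNORECASE))
        else:
            sids.add(int(line))
    return sids, regexes

def parse_modify(text):
    """modify filters as (sid, compiled regex, replacement) tuples; other lines are ignored."""
    mods = []
    for line in (l.strip() for l in text.splitlines()):
        m = MODIFY_RE.match(line)
        if m:
            mods.append((int(m.group(1)), re.compile(m.group(2)), m.group(3)))
    return mods

def matches(rule, filters):
    sids, regexes = filters
    return rule["sid"] in sids or any(r.search(rule["text"]) for r in regexes)

def flowbit_names(text, ops):
    """Flowbit names used with the given operations; '|' and '&' combine names."""
    names = set()
    for op, arg in FLOWBITS_RE.findall(text):
        if op in ops:
            names.update(n.strip() for n in re.split(r"[|&]", arg))
    return names

def resolve_flowbits(rules):
    """Re-enable disabled rules that set a flowbit an enabled rule tests, until stable."""
    reenabled, changed = [], True
    while changed:
        required = set().union(*(flowbit_names(r["text"], {"isset", "isnotset"})
                                 for r in rules if r["enabled"]))
        changed = False
        for r in rules:
            if not r["enabled"] and flowbit_names(r["text"], {"set", "setx", "toggle"}) & required:
                r["enabled"], changed = True, True
                reenabled.append(r["sid"])
    return reenabled

def process(rules_text, disable_conf="", enable_conf="", drop_conf="", modify_conf=""):
    """Apply disable, enable, drop and modify filters in that order, then resolve flowbits."""
    rules = parse_rules(rules_text)
    disable, enable, drop = (parse_filters(c) for c in (disable_conf, enable_conf, drop_conf))
    mods = parse_modify(modify_conf)
    for r in rules:
        if matches(r, disable):
            r["enabled"] = False
        if matches(r, enable):
            r["enabled"] = True
        if matches(r, drop):
            r["text"] = re.sub(r"^alert\b", "drop", r["text"])
        for sid, pattern, repl in mods:
            if r["sid"] == sid:
                r["text"] = pattern.sub(repl, r["text"])
    return rules, resolve_flowbits(rules)

def render(rules):
    """The merged single-file output: disabled rules are kept as commented lines."""
    return "".join(("" if r["enabled"] else "# ") + r["text"] + "\n" for r in rules)
```

Running ``process(SAMPLE_RULES, DISABLE_CONF, ENABLE_CONF, DROP_CONF, MODIFY_CONF)`` turns 9000001 into a drop rule, adds a threshold to the noisy SSH rule, enables 9000005, disables the deprecated rule by regex, and reports 9000002 as re-enabled because the enabled TLS rule depends on the flowbit it sets; that last step is why a rule you commented out upstream can reappear enabled in suricata.rules.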

Suricata Configuration

The default Suricata configuration needs to be updated to find the rules in the new location.

Example suricata.yaml

.. code-block:: yaml

   default-rule-path: /var/lib/suricata/rules
   rule-files:
     - suricata.rules

Alternatively, -S /var/lib/suricata/rules/suricata.rules can be passed on the Suricata command line.

Notes

The suricata-update tool is based around the idea that /etc/suricata should not be used for active rule management, but rather as a location for more or less static configuration. Instead, /var/lib/suricata is used for rule management, and /etc/suricata/rules serves as a source for the rule files provided by the Suricata distribution.

Files and Directories

/usr/share/suricata/rules Used as a source of rules provided by the Suricata engine. If this directory does not exist, /etc/suricata/rules will be used.

/etc/suricata/update.yaml The default location for the suricata-update configuration file.

/etc/suricata/disable.conf Default location for disable rule filters if not provided in the configuration file or command line.

/etc/suricata/enable.conf Default location for enable rule filters if not provided in the configuration file or command line.

/etc/suricata/drop.conf Default location for drop rule filters if not provided in the configuration file or command line.

/etc/suricata/modify.conf Default location for modify rule filters if not provided in the configuration file or command line.

/var/lib/suricata/rules The output directory for rules processed by the suricata-update tool. This directory is owned and managed by suricata-update and should not be touched by the user.

/var/lib/suricata/rules/suricata.rules The default output filename for the rules processed by suricata-update.

This is a single file that contains all the rules from all input files and should be used by Suricata.

/var/lib/suricata/update/cache Directory where downloaded rule files are cached.

/var/lib/suricata/rules/cache/index.yaml Cached copy of the rule source index.

/var/lib/suricata/update/sources Configuration directory for sources enabled or added with enable-source or add-source.
