suricata-rule-generator
Generate Suricata rules for IOCs (indicators of compromise)
Install
Option 1: Binary
Download the latest release from https://github.com/jakewarren/suricata-rule-generator/releases/latest
Option 2: From source
go get github.com/jakewarren/suricata-rule-generator
Usage
As a library
package main

import (
	"fmt"
	"log"

	"github.com/jakewarren/suricata-rule-generator/generator"
)

func main() {
	// Default options; the emitted rule carries the placeholder sid:0, so set a real SID before loading it into Suricata.
	o := generator.RuleOpts{}
	rule, err := o.GenerateDNSQueryRule("github.com")
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(rule.String())
	// Output: alert dns any any -> any any (msg:"DNS Query for github.com"; dns_query; content:"github.com"; nocase; metadata:created_at 2019_05_15, updated_at 2019_05_15; sid:0; rev:1;)
}
As a command-line tool
❯ suricata-rule-generator dns-query github.com
alert dns any any -> any any (msg:"DNS Query for github.com"; dns_query; content:"github.com"; nocase; metadata:created_at 2019_05_15, updated_at 2019_05_15; classtype:trojan-activity; sid:1234; rev:1;)
Supported Generators
CLI option   Function                  Description
dns-query    GenerateDNSQueryRule()    Generates a rule that alerts on a DNS query for the specified domain
ip-traffic   GenerateIPTrafficRule()   Generates rules that alert on inbound/outbound traffic to or from one or more IPs/CIDRs
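As an added example that is not part of this project's code, the stand-alone Go program below reproduces the dns-query rule shape shown above and adds two things a defender needs before loading generated rules into Suricata: input validation so an IOC cannot inject rule syntax into msg or content, and a SID counter so every rule is unique (the sid:0 in the library's default output is only a placeholder). The ip-traffic rule layout and the $HOME_NET direction split are assumptions, since this page does not show that generator's output.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"time"
)

// domainRe accepts plain hostnames only, so a domain IOC can never
// smuggle rule syntax (';', '"', '|') into the msg or content fields.
var domainRe = regexp.MustCompile(`^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$`)

// RuleSet hands out consecutive SIDs: Suricata needs every rule to carry
// a unique SID, so the sid:0 placeholder must be replaced before loading.
type RuleSet struct {
	nextSID int
	meta    string
}

func NewRuleSet(baseSID int, now time.Time) *RuleSet {
	d := now.Format("2006_01_02") // same created_at/updated_at format as the output above
	return &RuleSet{nextSID: baseSID, meta: fmt.Sprintf("metadata:created_at %s, updated_at %s;", d, d)}
}

func (r *RuleSet) sid() int { s := r.nextSID; r.nextSID++; return s }

// DNSQueryRule produces the same rule shape as the dns-query generator above.
func (r *RuleSet) DNSQueryRule(domain string) (string, error) {
	if !domainRe.MatchString(domain) {
		return "", fmt.Errorf("invalid domain IOC %q", domain)
	}
	return fmt.Sprintf(`alert dns any any -> any any (msg:"DNS Query for %s"; dns_query; content:"%s"; nocase; %s sid:%d; rev:1;)`,
		domain, domain, r.meta, r.sid()), nil
}

// IPTrafficRules emits one rule per direction for an IP or CIDR. The header
// layout and the use of $HOME_NET are assumptions, not the project's output.
func (r *RuleSet) IPTrafficRules(ioc string) ([]string, error) {
	if _, _, err := net.ParseCIDR(ioc); err != nil && net.ParseIP(ioc) == nil {
		return nil, fmt.Errorf("invalid IP/CIDR IOC %q", ioc)
	}
	out := fmt.Sprintf(`alert ip $HOME_NET any -> %s any (msg:"Outbound traffic to %s"; %s sid:%d; rev:1;)`, ioc, ioc, r.meta, r.sid())
	in := fmt.Sprintf(`alert ip %s any -> $HOME_NET any (msg:"Inbound traffic from %s"; %s sid:%d; rev:1;)`, ioc, ioc, r.meta, r.sid())
	return []string{out, in}, nil
}
```

Call NewRuleSet with a SID base reserved for local rules (for example the 1000000+ range) and feed each IOC through DNSQueryRule or IPTrafficRules; a rejected IOC returns an error instead of a malformed rule.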
License
MIT © 2019 Jake Warren