Comments (6)
It's a pretty crude rule management tool that I started as I wasn't happy with the workflow of the alternatives. I wouldn't call it finished, but it's all I've used for the past couple of years. I put together a basic usage example here: https://github.com/jasonish/py-idstools/wiki/Ruleman
The "output" is a file called snort.rules which you would then include in your snort.conf instead of all the individual rule, preproc_rule, and so_rule includes.
My current issue with the tool is it didn't quite end up where I wanted. More and more I want something backed by git, so I may take it that direction and give it a more git-like workflow. Also, using something like SQLite as the backend could really speed it up I think.
Anyways, if you are interested in such a tool, or about to work on your own you should really drop me an email.
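To make the fetch/disable/apply workflow described above concrete, here is an added Python illustration (not ruleman's own code) that merges several constructed rule sources into a single snort.rules listing, commenting out disabled SIDs and un-commenting explicitly enabled ones. The rule text, file names and the "comment out to disable" convention are assumptions for the example.

```python
import re
from typing import Dict, Iterable, List, Optional

# Constructed sample rule sources standing in for fetched rule files (not real rules).
SOURCES = {
    "local.rules": (
        'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SAMPLE ssh probe"; sid:1000001; rev:1;)\n'
        '# alert tcp any any -> any 23 (msg:"SAMPLE telnet"; sid:1000002; rev:1;)\n'
        'alert udp any any -> any 53 (msg:"SAMPLE dns"; sid:1000003; rev:2;)\n'
    ),
    "preprocessor.rules": (
        '# comment line without a sid\n'
        'alert ( msg:"SAMPLE preproc"; sid:1000004; gid:116; rev:1; )\n'
    ),
}

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
RULE_RE = re.compile(r"^\s*(#\s*)?(alert|drop|pass|log|reject|sdrop)\b")


def parse_rule(line: str) -> Optional[Dict]:
    """Return {'sid', 'enabled', 'body'} for a rule line, or None for non-rule lines."""
    m = RULE_RE.match(line)
    sid = SID_RE.search(line)
    if not m or not sid:
        return None
    return {"sid": int(sid.group(1)), "enabled": m.group(1) is None,
            "body": line.lstrip(" #").rstrip("\n")}


def apply_rules(sources: Dict[str, str], disable: Iterable[int] = (),
                enable: Iterable[int] = ()) -> List[str]:
    """Merge all sources into one snort.rules listing; disable wins over enable."""
    disable, enable = set(disable), set(enable)
    out: List[str] = []
    for name, text in sources.items():
        out.append(f"# --- begin {name} ---")  # provenance marker per source file
        for line in text.splitlines():
            rule = parse_rule(line)
            if rule is None:
                continue  # plain comments and blank lines are not copied to the output
            enabled = rule["enabled"]
            if rule["sid"] in enable:
                enabled = True
            if rule["sid"] in disable:
                enabled = False
            out.append(rule["body"] if enabled else "# " + rule["body"])
    return out


def enabled_sids(lines: List[str]) -> List[int]:
    """SIDs that would be active if these lines were written to snort.rules."""
    return [r["sid"] for r in map(parse_rule, lines) if r and r["enabled"]]
```

Writing the returned lines to snort.rules and including that one file from snort.conf replaces the individual rule, preproc_rule and so_rule includes, as the comment above describes.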
It now makes more sense. I will email you if we proceed, as this is more of a command line tool whereas we are looking for something to embed as part of a rails app. Also, using idstools has worked great for indexing events into elasticsearch ... once we do some more testing it will be open sourced. Thanks.
Part of the idea of ruleman was to break out some code from an existing tool I had into the idstools library for working with Snort rules. Some of this code may still be under idstools.ruleman instead of the proper library, but in time I plan to get that sorted out. Like idstools can already help someone in creating their own Barnyard, I want idstools to also make it more or less simple to create your own OinkMaster or PulledPork.
A web based rule management tool is the scope of another I may be involved with soon.
Following the wiki, I get this:
idstools-ruleman update
error: unknown command: update
usage: idstools-ruleman <command> [args...]
Commands:
fetch Fetch rule sources
source Manage rule sources
disable Disable rules
search Search rules
apply Apply ruleset modifications and write
config Configuration commands
dump-dynamic-rules Dump dynamic rules
... should I use fetch instead of update ?
Update must only be in git master. A fetch followed by an apply is effectively the same as an update. I just combined them into a single command as it's the most commonly done operation after initial setup.
You can use the tool from a git checkout just by calling bin/idstools-ruleman directly from the working directory. It doesn't need to be installed - it'll pick up the right idstools lib based on its execution location.
Thanks again.