<html><body><div style="font-family: courier new,courier,monaco,monospace,sans-serif; font-size: 10pt; color: #000000"><div>Thank you all for your contributions.</div><div><br></div><span id="zwchr" data-marker="__DIVIDER__">----- On 7 Nov, 2015, at 00:02, Jones, Jason <jasonjones@arbor.net> wrote:<br></span><div data-marker="__QUOTED_TEXT__"><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><div class="gmail_default">Internally we use custom code to pull and insert into a djang-based management system that tracks revisions / enable / disable of rules / etc. designed around the "non-standard" way we use suricata in our malware setup, so not much help :)</div><div class="gmail_default"><br></div><div class="gmail_default">I recently heard about Scirius, a web app to manage rules that is part of SELKS and appears to support both import from ET rulesets and other one-offs like the SSL Blacklist feed from <a href="http://abuse.ch" target="_blank">abuse.ch</a>. Seems similar to the setup that I built, but never used:</div><div class="gmail_default"><br></div><div class="gmail_default" style="font-family:arial,sans-serif"><span face="arial, helvetica, sans-serif" data-mce-style="font-family: arial, helvetica, sans-serif;" style="font-family: arial, helvetica, sans-serif;"><a href="https://github.com/StamusNetworks/scirius" target="_blank">https://github.com/StamusNetworks/scirius</a></span></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 6, 2015 at 10:14 AM, Phil Daws <span dir="ltr"><<a href="mailto:uxbod@splatnix.net" target="_blank">uxbod@splatnix.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
what are people using now to update their rules ? I used to use pulledpork for fetching both ET and Snort open rules but that no longer seems to work.<br>
<br>
Thanks, Phil<br>
<br>
<br>
_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
Suricata User Conference November 4 & 5 in Barcelona: <a href="http://oisfevents.net" rel="noreferrer" target="_blank">http://oisfevents.net</a></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div>Jason Jones</div><div>ASERT Security Research Analyst</div><div>PGP Key: 0x3CD1DDE</div></div></div>
</div><br></blockquote></div></div>
<br><br>
<br><pre></pre><br></body></html>