[Oisf-users] Want to input Cybox output (cyber observables) or OpenIOC (indicator) to Suricata

Duarte Silva duarte.silva at serializing.me
Mon Sep 15 12:18:59 UTC 2014


On Monday 15 September 2014 16:39:46 Muhammad Asif Ihsan wrote:
> Hi,
> 
> I am new to Suricata users. I have a question: can I input Cybox cyber
> observables or OpenIOC indicators to Suricata so that Suricata can use this
> input in its rules for identifying malicious traffic and activity? I am keen
> to hear from you. Thank you.

Hi Asif,

Suricata does not support those kinds of files. The only choice would be to
convert those kinds of files to Snort-like rule files.

Cheers,
Duarte
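
The conversion suggested in the reply above, sketched as an added example that is not part of the original post or of Suricata itself. It assumes OpenIOC 1.0 documents using the search terms `Network/DNS`, `Network/URI` and `PortItem/remoteIP`, and Suricata 2.0 or later for the `dns_query` keyword; the function names and SID range are hypothetical. Each indicator item becomes its own rule, so AND logic between items is not preserved.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS = {"i": "http://schemas.mandiant.com/2010/ioc"}
# Constructed sample document, not a real indicator set.
ITEM = ('<IndicatorItem condition="is"><Context document="%s" search="%s"/>'
        '<Content type="string">%s</Content></IndicatorItem>')
SAMPLE_IOC = (
    '<ioc xmlns="http://schemas.mandiant.com/2010/ioc"><definition>'
    '<Indicator operator="OR">'
    + ITEM % ("Network", "Network/DNS", "bad.example")
    + ITEM % ("PortItem", "PortItem/remoteIP", "203.0.113.7")
    + ITEM % ("Network", "Network/URI", "/gate.php?id=1;x")
    + ITEM % ("FileItem", "FileItem/Md5sum", "0" * 32)
    + '</Indicator></definition></ioc>')

def esc(value):
    """Hex-encode every byte that could end or alter a content:"..." option."""
    out = []
    for b in value.encode("utf-8"):
        ch = chr(b)
        safe = b < 128 and (ch.isalnum() or ch in "./-_?=")
        out.append(ch if safe else "|%02X|" % b)
    return "".join(out)

def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def ioc_to_rules(xml_text, first_sid=1000000):
    """Return (rules, skipped_terms); host-based terms cannot become rules."""
    rules, skipped = [], []
    for item in ET.fromstring(xml_text).iterfind(".//i:IndicatorItem", NS):
        ctx = item.find("i:Context", NS)
        term = ctx.get("search", "") if ctx is not None else ""
        value = item.findtext("i:Content", "", NS).strip()
        msg = 'msg:"OpenIOC %s"; ' % term  # only emitted for the literal terms below
        if term == "Network/DNS" and value:
            rule = 'alert dns any any -> any any (%sdns_query; content:"%s"; nocase; ' % (msg, esc(value))
        elif term == "Network/URI" and value:
            rule = 'alert http any any -> any any (%scontent:"%s"; http_uri; ' % (msg, esc(value))
        elif term == "PortItem/remoteIP" and is_ipv4(value):
            rule = 'alert ip any any -> %s any (%s' % (value, msg)
        else:
            skipped.append(term)  # e.g. file hashes: no network equivalent here
            continue
        rules.append(rule + "sid:%d; rev:1;)" % (first_sid + len(rules)))
    return rules, skipped
```

Indicator files from third parties are untrusted input, which is why values are hex-escaped or strictly validated before being placed in a rule; the skipped list shows which indicators the generated rule file does not cover.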
