[Oisf-users] Want to input Cybox output (cyber observables) or OpenIOC (indicator) to Suricata

Christophe Vandeplas christophe at vandeplas.com
Mon Sep 15 12:26:20 UTC 2014


On Mon, Sep 15, 2014 at 2:18 PM, Duarte Silva
<duarte.silva at serializing.me> wrote:
> On Monday 15 September 2014 16:39:46 Muhammad Asif Ihsan wrote:
>> Hi,
>>
>> I am new to suricata users. I have question that can I input Cybox cyber
>> observables or OpenIOC indicators to suricata so that suricata can use this
>> input in its rules for identifying malicious traffic and activity. I am keen
>> to hear from you. Thank you.
> Hi Asif,
>
> Suricata does not support those kinds of files. The only choice would be to
> convert those kinds of files to Snort-like rule files.

You should be able to import such data into MISP - Malware Information
Sharing Platform.
It's a system that helps you store, use and share your IOCs.

Once the data is in MISP you can export it to IDS rules, in Suricata
format for example.

More info about MISP: https://github.com/MISP/MISP

Greets

Christophe
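As an added example (not code from this thread and not MISP's own exporter), the script below shows the conversion Duarte refers to: a small OpenIOC 1.0 document, constructed here for illustration, is parsed and its DNS and IP indicators are turned into Suricata rules, while file-hash items are reported as skipped because they have no inline rule equivalent and belong in a Suricata file-hash list instead. The OpenIOC namespace and the `Network/DNS` / `Network/IP` search names are assumed from the OpenIOC 1.0 schema, the sid numbering from 1000001 is a local convention, and the `dns.query` and `bsize` keywords assume a Suricata release that provides them.

```python
"""Convert a minimal OpenIOC 1.0 document into Suricata rules.

Added example, not code from the mailing-list thread and not MISP's exporter.
The OpenIOC document is constructed for illustration; the namespace and the
Network/DNS and Network/IP search names follow the OpenIOC 1.0 schema
(assumed), and the rule keywords (dns.query, bsize) assume a Suricata
release that provides them.
"""
import ipaddress
import xml.etree.ElementTree as ET

OPENIOC_NS = "http://schemas.mandiant.com/2010/ioc"  # OpenIOC 1.0 namespace (assumed)
NS = {"ioc": OPENIOC_NS}

# Constructed sample; every value is a documentation/example address or name.
SAMPLE_OPENIOC = f"""<?xml version="1.0" encoding="utf-8"?>
<ioc xmlns="{OPENIOC_NS}" id="example-0001" last-modified="2014-09-15T12:00:00">
  <short_description>Constructed sample IOC</short_description>
  <definition>
    <Indicator operator="OR" id="example-ind-1">
      <IndicatorItem id="example-item-1" condition="is">
        <Context document="Network" search="Network/DNS" type="mir"/>
        <Content type="string">malicious.example.net</Content>
      </IndicatorItem>
      <IndicatorItem id="example-item-2" condition="is">
        <Context document="Network" search="Network/IP" type="mir"/>
        <Content type="IP">203.0.113.45</Content>
      </IndicatorItem>
      <IndicatorItem id="example-item-3" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
      </IndicatorItem>
    </Indicator>
  </definition>
</ioc>
"""

# Characters Suricata requires to be backslash-escaped inside content:"..." / msg:"..."
_CONTENT_SPECIAL = set(';"\\|')


def escape_content(value):
    """Escape a value for use inside a Suricata content: or msg: string."""
    return "".join("\\" + c if c in _CONTENT_SPECIAL else c for c in value)


def parse_openioc(xml_text):
    """Return (search, value) pairs for every IndicatorItem, top-level or nested."""
    root = ET.fromstring(xml_text)
    items = []
    for item in root.iter(f"{{{OPENIOC_NS}}}IndicatorItem"):
        ctx = item.find("ioc:Context", NS)
        content = item.find("ioc:Content", NS)
        if ctx is None or content is None or not (content.text or "").strip():
            continue
        items.append((ctx.get("search", ""), content.text.strip()))
    return items


def to_suricata_rules(items, ioc_id="example-0001", sid_base=1000001):
    """Turn DNS and IP indicators into rules; return (rules, skipped_items).

    sid_base is a local numbering convention (1000000+ is conventionally
    left free for local rules); adjust it to your own rule management.
    """
    rules, skipped = [], []
    sid = sid_base
    for search, value in items:
        if search == "Network/DNS":
            raw = value.rstrip(".").lower()
            name = escape_content(raw)
            # Exact match on the queried name: bsize pins the buffer length so
            # "notmalicious.example.net" does not also trigger the rule.
            rules.append(
                f'alert dns any any -> any any (msg:"OpenIOC {ioc_id} DNS query for {name}"; '
                f'dns.query; content:"{name}"; nocase; bsize:{len(raw)}; sid:{sid}; rev:1;)'
            )
        elif search == "Network/IP":
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                skipped.append((search, value))  # malformed address, do not emit a rule
                continue
            rules.append(
                f'alert ip any any <> {addr} any (msg:"OpenIOC {ioc_id} traffic with {addr}"; '
                f'sid:{sid}; rev:1;)'
            )
        else:
            # File hashes and host artefacts have no inline Suricata equivalent;
            # hashes belong in a filemd5/filesha256 list file instead.
            skipped.append((search, value))
            continue
        sid += 1
    return rules, skipped


def convert(xml_text, ioc_id="example-0001"):
    """Parse an OpenIOC document and return (rules, skipped_items)."""
    return to_suricata_rules(parse_openioc(xml_text), ioc_id=ioc_id)


if __name__ == "__main__":
    rules, skipped = convert(SAMPLE_OPENIOC)
    print("\n".join(rules))
    for search, value in skipped:
        print(f"# skipped {search} = {value} (no inline Suricata rule)")
```

The generated rules go into a file referenced from `rule-files` in suricata.yaml; the skipped list tells you which indicators still need a different mechanism (a hash list, or a host-based tool) so nothing from the IOC is silently lost.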


