[Oisf-users] OT: Rule Updates

Jones, Jason jasonjones at arbor.net
Sat Nov 7 00:02:02 UTC 2015


Internally we use custom code to pull and insert into a Django-based
management system that tracks revisions / enable / disable of rules / etc.
designed around the "non-standard" way we use suricata in our malware
setup, so not much help :)

I recently heard about Scirius, a web app to manage rules that is part of
SELKS and appears to support both import from ET rulesets and other
one-offs like the SSL Blacklist feed from abuse.ch. Seems similar to the
setup that I built, but never used:

https://github.com/StamusNetworks/scirius

On Fri, Nov 6, 2015 at 10:14 AM, Phil Daws <uxbod at splatnix.net> wrote:

> Hello,
>
> What are people using now to update their rules? I used to use pulledpork
> for fetching both ET and Snort open rules but that no longer seems to work.
>
> Thanks, Phil




-- 
Jason Jones
ASERT Security Research Analyst
PGP Key: 0x3CD1DDE