[Oisf-users] How to add and update IoC in Suricata?

Mustafa Qasim alajal at gmail.com
Fri Apr 19 12:32:44 UTC 2019

Hi Ariel,

I believe you mean Indicator of Compromise. Every signature is based on
some indicator. You can write additional rules to detect indicators not
covered by existing rules.
*Mustafa Qasim*

On Fri, Apr 19, 2019 at 5:51 AM Ariel Garcia <ariel100cfg at yandex.com> wrote:

> Hello!
> I am new with the IDS.
> I have installed a Suricata 4.1.3 + Elasticsearch + Kibana7, all ok, but I
> would like to know how to add and / or update IoC (Indicators of
> commitments) to the Suricata, and where to download them if there is any
> site.
> Thank you so much!
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
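
As an added illustration of the reply above (not part of the original thread and not OISF code), this sketch turns a plain-text list of IPv4 and domain indicators into local Suricata rules. The function names, the `LOCAL IOC` message prefix and the sample indicators are assumptions made for the example; SIDs start at 1000000, the range set aside for local rules.

```python
import ipaddress
import re

# Constructed sample feed (documentation IP ranges and a reserved TLD, not real IoCs).
SAMPLE_IOCS = """
# comments and blank lines are skipped
203.0.113.7
198.51.100[.]23
bad-domain[.]example
hxxp://not a domain"; sid:1;
"""

# Strict hostname pattern: anything else is rejected so that a feed entry
# can never smuggle quotes or semicolons into the generated rule text.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def refang(value):
    """Undo the common '[.]' defanging and normalise case."""
    return value.strip().replace("[.]", ".").lower()

def ioc_to_rule(value, sid):
    """Return one rule for an IPv4 or domain indicator, or None if invalid."""
    value = refang(value)
    try:
        ip = ipaddress.IPv4Address(value)
        return (f'alert ip $HOME_NET any -> {ip} any '
                f'(msg:"LOCAL IOC traffic to {ip}"; sid:{sid}; rev:1;)')
    except ValueError:
        pass
    if DOMAIN_RE.match(value):
        # isdataat:!1,relative anchors the match at the end of the query name.
        return (f'alert dns $HOME_NET any -> any any '
                f'(msg:"LOCAL IOC DNS query for {value}"; dns_query; '
                f'content:"{value}"; nocase; isdataat:!1,relative; '
                f'sid:{sid}; rev:1;)')
    return None

def build_rules(text, first_sid=1000000):
    """Convert a feed into (rules, rejected_lines); SIDs are assigned in order."""
    rules, rejected, sid = [], [], first_sid
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        rule = ioc_to_rule(line, sid)
        if rule is None:
            rejected.append(line)
        else:
            rules.append(rule)
            sid += 1
    return rules, rejected

if __name__ == "__main__":
    rules, rejected = build_rules(SAMPLE_IOCS)
    print("\n".join(rules))
    print("rejected:", rejected)
```

The output can be saved to a file such as `local.rules` and listed under `rule-files:` in `suricata.yaml`; regenerate it and reload the rules whenever the indicator list changes.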