[Oisf-users] How to add and update IoC in Suricata?

Mustafa Qasim alajal at gmail.com
Fri Apr 19 12:32:44 UTC 2019


Hi Ariel,

I believe you mean Indicator of Compromise. Every signature is based on
some indicator. You can write additional rules to detect indicators not
covered by existing rules.
------
*Mustafa Qasim*
PGP: C57E0A7C
<http://pgp.mit.edu/pks/lookup?op=get&search=0x0A9C8A5EC57E0A7C>


On Fri, Apr 19, 2019 at 5:51 AM Ariel Garcia <ariel100cfg at yandex.com> wrote:

> Hello!
> I am new with the IDS.
> I have installed a Suricata 4.1.3 + Elasticsearch + Kibana7, all ok, but I
> would like to know how to add and / or update IoC (Indicators of
> commitments) to the Suricata, and where to download them if there is any
> site.
>
> Thank you so much!
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
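As an added example, not from this thread or from the Suricata project: the following Python script turns a plain-text IoC list (IPs, domains, file hashes) into Suricata 4.1-style rules plus the hash list files that `filemd5`/`filesha256` read, and keeps sids stable when the feed is updated so that an existing rule's sid never silently changes meaning. The feed format, the output file names, the `classtype` value and the use of the local sid range starting at 1000000 are assumptions of this example, and every indicator in the sample feed is constructed (RFC 5737 test addresses, `.example` names, the empty-file hashes).

```python
"""Convert a plain IoC feed into Suricata rules (example code, not Suricata's own tooling).

Feed format (assumed for this example): one indicator per line, "<type> <value> [comment]",
where <type> is ip, domain, md5 or sha256. Lines starting with '#' are ignored.
"""
import re

# Constructed sample feed: none of these are real indicators.
SAMPLE_FEED = """\
# type   value                                  comment
ip       192.0.2.45                             c2 from constructed report
ip       198.51.100.7                           c2 from constructed report
domain   evil-updates.example
md5      d41d8cd98f00b204e9800998ecf8427e       constructed dropper hash
sha256   e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

SID_BASE = 1000000  # sids >= 1000000 are reserved for local rules

_PATTERNS = {
    "ip": re.compile(r"^(\d{1,3})(\.\d{1,3}){3}$"),
    "domain": re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$", re.I),
    "md5": re.compile(r"^[0-9a-f]{32}$", re.I),
    "sha256": re.compile(r"^[0-9a-f]{64}$", re.I),
}


def validate(kind, value):
    """Reject unknown indicator types and malformed values before they reach a rule file."""
    pat = _PATTERNS.get(kind)
    if not pat or not pat.match(value):
        return False
    if kind == "ip":  # regex only checks shape; make sure every octet is in range
        return all(0 <= int(octet) <= 255 for octet in value.split("."))
    return True


def parse_feed(text):
    """Return a list of (kind, value, comment) tuples, skipping blank, comment and malformed lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        if len(parts) < 2:
            continue
        kind, value = parts[0].lower(), parts[1]
        comment = parts[2].strip() if len(parts) == 3 else ""
        if validate(kind, value):
            entries.append((kind, value, comment))
    return entries


def _msg(text):
    # The msg option must not contain ';' or '"', so neutralise them in feed comments.
    return text.replace('"', "'").replace(";", ",")


def build_rules(entries, sid_map=None):
    """Return (rules, hash_files, sid_map).

    sid_map maps an indicator key to its sid; passing the map from a previous run keeps
    sids stable across feed updates, and newly seen indicators get the next free sid.
    """
    sid_map = dict(sid_map or {})

    def sid_for(key):
        if key not in sid_map:
            sid_map[key] = max(sid_map.values()) + 1 if sid_map else SID_BASE
        return sid_map[key]

    rules, hash_files = [], {}
    for kind, value, comment in entries:
        note = f" ({_msg(comment)})" if comment else ""
        if kind == "ip":
            rules.append(
                f'alert ip $HOME_NET any -> {value} any (msg:"IOC traffic to {value}{note}"; '
                f'classtype:trojan-activity; sid:{sid_for((kind, value))}; rev:1;)')
        elif kind == "domain":
            # dns_query is the 4.1.x keyword (5.x spells it dns.query). isdataat:!1,relative
            # anchors the match to the end of the queried name, so "evil-updates.example.net"
            # does not match; subdomains such as "cdn.evil-updates.example" still do.
            rules.append(
                f'alert dns $HOME_NET any -> any any (msg:"IOC DNS query for {value}{note}"; '
                f'dns_query; content:"{value}"; nocase; isdataat:!1,relative; '
                f'classtype:trojan-activity; sid:{sid_for((kind, value))}; rev:1;)')
        else:
            # Hashes go into one list file per algorithm; a single rule references each list.
            hash_files.setdefault(f"ioc-{kind}.txt", []).append(value.lower())

    for kind, keyword in (("md5", "filemd5"), ("sha256", "filesha256")):
        fname = f"ioc-{kind}.txt"
        if fname in hash_files:
            rules.append(
                f'alert http any any -> any any (msg:"IOC file {kind.upper()} match"; '
                f'{keyword}:{fname}; classtype:trojan-activity; sid:{sid_for((kind, "list"))}; rev:1;)')
    return rules, hash_files, sid_map


if __name__ == "__main__":
    rules, hash_files, sids = build_rules(parse_feed(SAMPLE_FEED))
    print("\n".join(rules))
    for name, hashes in hash_files.items():
        print(f"--- {name} ---\n" + "\n".join(hashes))
```

To use it, write the printed rules to a file such as `local.rules` under Suricata's `default-rule-path`, put the `ioc-md5.txt` / `ioc-sha256.txt` lists in the same directory (the hash keywords resolve the file name relative to that path), add the rules file to `rule-files:` in `suricata.yaml`, and run `suricata -T -c suricata.yaml` to check that every rule parses before reloading. The file-hash rules only fire when file extraction is enabled for the protocol and the build has hash support. Persisting `sid_map` (for instance as JSON) between runs is what makes "update" safe: a re-run with a larger feed adds new sids instead of renumbering rules that dashboards and tuning already refer to.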