bugfix in Suricata export template

PR for reported bug https://github.com/MISP/MISP/issues/5766, based on a suggestion from @stacsirt; tested on my instance and it is working great
pull/5821/head
Cooper Dale 2020-04-27 09:49:09 +02:00 committed by GitHub
parent a2928a09db
commit 601a0ed4f2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions


@ -131,12 +131,12 @@ class NidsSuricataExport extends NidsExport
$data['host'] = NidsExport::replaceIllegalChars($data['host']);
$tag = 'tag:session,600,seconds;';
# IP: classic IP rule for HTTPS
$suricata_protocol = 'tcp';
$suricata_protocol = 'tls';
$suricata_src_ip = '$HOME_NET';
$suricata_src_port = 'any';
$suricata_dst_ip = $data['host'];
$suricata_dst_ip = '$EXTERNAL_NET';
$suricata_dst_port = NidsExport::getProtocolPort($scheme, $data['port']);
$content = 'flow:to_server; app-layer-protocol:tls;';
$content = 'tls_sni; content:"' . $data['host'] . '";';
break;
case "ssh":