MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity
PyMISP/examples/suricata_search
History
raw-data 8b90a85254 fix args.quiet and status msgs 2017-07-03 21:16:38 +01:00
..
README.md add multithreaded suricata search code, fetching ids rules based on parameters and terms 2017-06-28 14:21:43 +01:00
suricata_search.py fix args.quiet and status msgs 2017-07-03 21:16:38 +01:00

README.md

Description

Get all attributes, from a MISP (https://github.com/MISP) instance, that can be converted into Suricata rules, given a parameter and a term to search

requires

Usage

  • suricata_search.py -p tags -s 'APT' -o misp_ids.rules -t 5

    • search for 'APT' tag
    • use 5 threads while generating IDS rules
    • dump results to misp_ids.rules

  • suricata_search.py -p tags -s 'APT' -o misp_ids.rules -ne 411 357 343

    • same as above, but skip events ID 411,357 and 343

  • suricata_search.py -p tags -s 'circl:incident-classification="malware", tlp:green' -o misp_ids.rules

    • search for multiple tags 'circl:incident-classification="malware", tlp:green'

  • suricata_search.py -p categories -s 'Artifacts dropped' -t 20 -o artifacts_dropped.rules

    • search for category 'Artifacts dropped'
    • use 20 threads while generating IDS rules
    • dump results to artifacts_dropped.rules