
List:       oisf-users
Subject:    Re: [Oisf-users] Want to input Cybox output (cyber observables) or OpenIOC (indicator) to Suricata
From:       Christophe Vandeplas <christophe () vandeplas ! com>
Date:       2014-09-15 12:26:20
Message-ID: CACjrQ-VOBMzAbGix7pdhP1ZVS+-udHGHzLzDPJbyAvsLQTd=gA () mail ! gmail ! com

On Mon, Sep 15, 2014 at 2:18 PM, Duarte Silva
<duarte.silva@serializing.me> wrote:
> On Monday 15 September 2014 16:39:46 Muhammad Asif Ihsan wrote:
>> Hi,
>>
>> I am new to the Suricata users list. I have a question: can I input CybOX cyber
>> observables or OpenIOC indicators into Suricata so that Suricata can use this
>> input in its rules for identifying malicious traffic and activity? I am keen
>> to hear from you. Thank you.
> Hi Asif,
>
> Suricata does not support those kinds of files. The only choice would be to
> convert those kinds of files to Snort-like rule files.

You should be able to import such data into MISP - Malware Information
Sharing Platform.
It's a system that helps you store, use and share your IOCs.

Once the data is in MISP you can export it to IDS rules, in Suricata
format for example.

More info about MISP: https://github.com/MISP/MISP

Greets

Christophe
_______________________________________________
Suricata IDS Users mailing list: oisf-users@openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
OISF: http://www.openinfosecfoundation.org/
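As an added illustration of the conversion both replies describe (OpenIOC file in, Snort/Suricata rule file out), here is a small converter. It is example code written for this archive page, not code from Suricata, MISP or either poster. It assumes OpenIOC 1.0 XML (namespace http://schemas.mandiant.com/2010/ioc, Context/search values such as Network/DNS, PortItem/remoteIP and FileItem/Md5sum), a Suricata 5.0 or later rule syntax (dns.query sticky buffer, bsize, filemd5), and a constructed sample IOC embedded inline. Indicators that only make sense on a host (registry paths, process names) are reported rather than silently dropped, and an AND-ed Indicator is flagged because a single Suricata rule cannot express a conjunction of unrelated observables.

```python
"""Convert a minimal OpenIOC 1.0 document into Suricata rules.

Added example for the thread above, not code from Suricata, MISP or the posters.
Only DNS names, remote IPs and file MD5s are mapped; everything else is listed
in `notes` so nothing disappears silently. The sample IOC below is constructed.
"""
import ipaddress
import re
import xml.etree.ElementTree as ET
from collections import namedtuple

OPENIOC_NS = "http://schemas.mandiant.com/2010/ioc"

# Constructed sample: one OR-ed indicator, four items, the last one host-only.
SAMPLE_OPENIOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-ioc-1">
  <short_description>Constructed C2 indicators</short_description>
  <definition>
    <Indicator operator="OR" id="ind-1">
      <IndicatorItem id="item-1" condition="is">
        <Context document="Network" search="Network/DNS" type="mir"/>
        <Content type="string">evil.example.com</Content>
      </IndicatorItem>
      <IndicatorItem id="item-2" condition="is">
        <Context document="PortItem" search="PortItem/remoteIP" type="mir"/>
        <Content type="IP">203.0.113.5</Content>
      </IndicatorItem>
      <IndicatorItem id="item-3" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
      </IndicatorItem>
      <IndicatorItem id="item-4" condition="contains">
        <Context document="RegistryItem" search="RegistryItem/Path" type="mir"/>
        <Content type="string">Software\\Microsoft\\Windows\\CurrentVersion\\Run\\evil</Content>
      </IndicatorItem>
    </Indicator>
  </definition>
</ioc>
"""

Conversion = namedtuple("Conversion", "rules md5_hashes notes")
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")


def _tag(name):
    return "{%s}%s" % (OPENIOC_NS, name)


def escape_content(value):
    """Escape what Suricata treats specially inside content:"..." and msg:"...":
    backslash, double quote and semicolon get a backslash; | becomes its hex byte."""
    value = value.replace("\\", "\\\\").replace('"', '\\"').replace(";", "\\;")
    return value.replace("|", "|7C|")


def openioc_to_suricata(xml_text, sid_base=9000000, md5_list="ioc-md5.txt"):
    """Return Conversion(rules, md5_hashes, notes); sids are allocated from sid_base."""
    root = ET.fromstring(xml_text)
    ioc_id = escape_content(root.get("id", "unknown"))
    rules, md5s, notes, sid = [], [], [], sid_base
    for ind in root.iter(_tag("Indicator")):
        if ind.get("operator", "OR").upper() == "AND":
            notes.append("Indicator %s uses AND: a Suricata rule matches one observable, "
                         "so its items are emitted independently (weaker than the IOC)" % ind.get("id"))
        for item in ind.findall(_tag("IndicatorItem")):   # direct children only; iter() reaches nested Indicators
            ctx, content = item.find(_tag("Context")), item.find(_tag("Content"))
            if ctx is None or content is None or not (content.text or "").strip():
                notes.append("%s: malformed item skipped" % item.get("id"))
                continue
            search, cond, value = ctx.get("search", ""), item.get("condition", "is"), content.text.strip()
            msg = 'msg:"OpenIOC %s %s %s"' % (ioc_id, escape_content(item.get("id", "?")), escape_content(search))
            if search == "Network/DNS" and cond in ("is", "contains"):
                # dns.query holds the queried name; bsize pins "is" to the whole name,
                # "contains" stays a case-insensitive substring match.
                exact = " bsize:%d;" % len(value) if cond == "is" else ""
                rules.append('alert dns any any -> any any (%s; dns.query; content:"%s"; nocase;%s sid:%d; rev:1;)'
                             % (msg, escape_content(value), exact, sid))
                sid += 1
            elif search == "PortItem/remoteIP" and cond == "is":
                try:
                    ip = ipaddress.ip_address(value)            # rejects garbage before it reaches the rule file
                except ValueError:
                    notes.append("%s: %r is not an IP address" % (item.get("id"), value))
                    continue
                rules.append("alert ip any any <> %s any (%s; sid:%d; rev:1;)" % (ip, msg, sid))
                sid += 1
            elif search == "FileItem/Md5sum" and cond == "is" and MD5_RE.match(value):
                md5s.append(value.lower())                      # collected into one filemd5 list file
            else:
                notes.append("%s: no Suricata mapping for %s with condition %s; handle on the host"
                             % (item.get("id"), search, cond))
    if md5s:
        # filemd5 reads one hash per line from md5_list (path relative to the rule file);
        # it needs Suricata built with file hashing support.
        rules.append('alert http any any -> any any (msg:"OpenIOC %s file MD5 in %s"; filemd5:%s; sid:%d; rev:1;)'
                     % (ioc_id, md5_list, md5_list, sid))
    return Conversion(rules, md5s, notes)


if __name__ == "__main__":
    result = openioc_to_suricata(SAMPLE_OPENIOC)
    print("\n".join(result.rules))
    print("# unmapped:", *result.notes, sep="\n# ")
```

Write `result.rules` to a .rules file and `result.md5_hashes` one per line to ioc-md5.txt next to it, then include the rules file from suricata.yaml. The sid range is hypothetical; pick one that does not collide with the rule sets already loaded.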