Awesome
surify-cli
Generate suricata-rules from collection of IOCs (JSON, CSV or flags) based on your suricata template.
Installation
# npm i -g surify-cli
Features
Inputs
- CSV as input (only with header)
(you have to manually set the delimiter)
$ surify c config.json --csv example.csv -d ";" -o suri_csv.rules --sid 1
- JSON as input
$ surify -c config.json --json example.json -o suri.rules
- JSON Lines as input (e.g. from armbues/ioc-parser)
$ surify -c config.json --jsonl example.jsonl -o suri.rules
- flags as input
$ surify -c config.json --test1 1.2.3.4 --test2 9.9.9.9 --sid 120000 -o log
Outputs
- output to stdout
... -o log
- output to file
... -o suri.rules
Examples
An example config.json
and some templates ./templates/*
are available. Further examples are available here.
ToDo
- Tests
- conditions in config.json
- Example in wiki
- surify.js as a standalone package
- autodetect inputtype