Rule Importer Instrument

Tool for importing, generating and deploying Suricata rules from packaged rule sets and blacklisted addresses.

Pre-created rules can be obtained from rule packages such as Emerging Threats. Blacklist rule generation supports IP addresses and DNS names, each with an optional comment, listed in a semicolon-separated CSV file.

These files are configured for download using Fleet Management, and Rule Importer does the rest: it keeps track of the Suricata Instruments in the fleet and delivers the rules to them whenever a downloaded file changes.

Rule Importer adds a Suricata group ID (gid) to the rules, or rewrites the one they already carry, so that its rules do not conflict with rules from other sources such as the Rule Manager Instrument. Suricata identifies a rule by the pair (gid, sid), so a dedicated gid keeps imported rules apart even when their sids overlap with another source.
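The two steps described above, turning a semicolon-separated blacklist into Suricata rules and stamping every rule with a dedicated gid, as an added Python example. This is illustration code written for this page, not Rule Importer's own implementation: the column layout "address;comment", the sample entries, the gid value 1001, the sid range and the rule templates (Suricata 6+ syntax with the dns.query sticky buffer) are all assumptions made here.

```python
"""Generate Suricata blacklist rules from a semicolon-separated list and
stamp every rule with a dedicated gid. Added example; not SensorFleet code."""
import ipaddress
import re

# Constructed sample input. The column layout "address;comment" is an
# assumption made for this example, not a documented Rule Importer format.
SAMPLE_CSV = """\
# address;comment   (comment is optional and may itself contain ';')
203.0.113.5;known C2 host
198.51.100.0/24
malware.example.test;sinkholed domain
2001:db8::42;scanner
192.0.2.9;tor exit; see ticket 42
not a valid entry!;ignored
"""

# Conservative hostname check: labels of [A-Za-z0-9-], no leading/trailing '-'.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))+\.?$")
GID_RE = re.compile(r"\bgid\s*:\s*\d+\s*;")
SID_RE = re.compile(r"\bsid\s*:\s*\d+\s*;")


def load_blacklist(text):
    """Return (entries, skipped); entries are (kind, value, comment), kind is 'ip' or 'dns'."""
    entries, skipped = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        value, _, comment = (part.strip() for part in line.partition(";"))
        try:
            net = ipaddress.ip_network(value, strict=False)
            # Single hosts without a /32 or /128 suffix, networks in CIDR form.
            value = str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net)
            entries.append(("ip", value, comment))
        except ValueError:
            if HOSTNAME_RE.match(value):
                entries.append(("dns", value.lower().rstrip("."), comment))
            else:
                skipped.append((lineno, value))  # never emit a rule Suricata would reject
    return entries, skipped


def _escape(text):
    """Escape the characters that are special inside a Suricata quoted option value."""
    return text.replace("\\", "\\\\").replace('"', '\\"').replace(";", "\\;")


def blacklist_rules(entries, gid, sid_base):
    """One rule per entry, sids allocated sequentially from sid_base (assumed free range)."""
    rules = []
    for offset, (kind, value, comment) in enumerate(entries):
        sid = sid_base + offset
        msg = f"BLACKLIST {kind.upper()} {value}" + (f": {_escape(comment)}" if comment else "")
        if kind == "ip":
            # Bidirectional ip rule: any traffic to or from the listed address or network.
            rule = (f'alert ip [{value}] any <> any any (msg:"{msg}"; '
                    f'classtype:bad-unknown; gid:{gid}; sid:{sid}; rev:1;)')
        else:
            # DNS queries whose name is, or ends with, the listed name (Suricata 6+ syntax).
            rule = (f'alert dns any any -> any any (msg:"{msg}"; dns.query; '
                    f'content:"{value}"; nocase; endswith; '
                    f'classtype:bad-unknown; gid:{gid}; sid:{sid}; rev:1;)')
        rules.append(rule)
    return rules


def _match_outside_quotes(pattern, rule):
    """First match of pattern that is not inside a quoted option value (msg, content, ...)."""
    for m in pattern.finditer(rule):
        quotes_before = len(re.findall(r'(?<!\\)"', rule[:m.start()]))
        if quotes_before % 2 == 0:
            return m
    return None


def set_gid(rule, gid):
    """Add or replace the gid of an existing rule so this source owns its (gid, sid) space."""
    m = _match_outside_quotes(GID_RE, rule)
    if m:
        return rule[:m.start()] + f"gid:{gid};" + rule[m.end():]
    m = _match_outside_quotes(SID_RE, rule)
    if m is None:
        raise ValueError("rule has no sid option; cannot place gid")
    return rule[:m.start()] + f"gid:{gid}; " + rule[m.start():]


if __name__ == "__main__":
    entries, skipped = load_blacklist(SAMPLE_CSV)
    for rule in blacklist_rules(entries, gid=1001, sid_base=9000000):
        print(rule)
    for lineno, value in skipped:
        print(f"# skipped line {lineno}: {value!r}")
    # Re-stamping a rule taken from a packaged rule set.
    print(set_gid('alert tcp any any -> any 80 (msg:"ET example"; sid:2000001; rev:3;)', 1001))
```

Malformed entries are skipped and reported rather than written out, because a single unparseable line would otherwise make Suricata reject the whole rule file on reload. The gid rewrite deliberately ignores text inside quoted values, since a `content:"gid:7;"` pattern must not be mistaken for the rule's own gid option.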

Properties

Developer: SensorFleet Oy
Categories: Attack Detection, Traffic Analysis, IDS
Network access type: None
Required interfaces: None
Dependencies: Suricata IDS
Data retention: Stores the latest generated rule set in application RAM and the list of current Suricata IDS Instruments in persistent data. Does not store user-specific data.
Management UI: No