Rule Importer Instrument
A tool for importing, generating and deploying Suricata rules from packaged rule sets and from lists of blacklisted addresses.
Pre-created rules can be obtained from rule packages such as Emerging Threats. Blacklist rule generation supports IP addresses and DNS names, each with an optional comment, listed in a semicolon-separated CSV file.
These files are configured for download using Fleet Management, and Rule Importer does the rest: it keeps track of the Suricata Instruments in the fleet and delivers rules to them whenever a downloaded file changes.
A Suricata group ID (gid) is added to, or rewritten in, every imported rule so that rules delivered by Rule Importer do not conflict with rules from other sources such as the Rule Manager Instrument. Suricata identifies a signature by its gid:sid pair, so a rule set with its own sids can coexist with another source as long as the gids differ; the gid carried by a packaged rule is not preserved.
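The following is an added example, not SensorFleet's Rule Importer code, showing the two steps the page describes: turning a semicolon-separated blacklist of IP addresses and DNS names (with optional comments) into Suricata rules, and adding or replacing the gid so the set is namespaced away from other rule sources. The gid, sid range, sample blacklist and the choice of `alert ip` / `alert dns` rule shapes are assumptions made for the example. Comment text is escaped before it is placed in `msg`, because an unescaped quote or semicolon in a blacklist comment would otherwise become rule syntax.

```python
"""Added example, not SensorFleet's Rule Importer code: build Suricata
rules from a semicolon-separated blacklist and stamp every rule with a
fixed gid so the generated set cannot collide with other rule sources."""
import ipaddress
import re

# Assumed values: gid and sid range are illustrative, not the product's.
IMPORTER_GID = 1000
SID_BASE = 1_000_000

# Constructed sample blacklist: "address-or-name;comment", comment optional.
SAMPLE_BLACKLIST = """\
203.0.113.10;known C2 server
198.51.100.0/24
bad.example.net;phishing "campaign"; spring
2001:db8::1;
not a host;bogus entry
"""

# Everything up to the first "(" is the rule header; the options follow.
_RULE_RE = re.compile(r"^(?P<head>[^(]+\()(?P<opts>.*)\)\s*$")
_GID_RE = re.compile(r"\bgid:\s*\d+\s*;")
_NAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$",
    re.I)


def _msg_text(text: str) -> str:
    """Escape characters that end or break a quoted Suricata msg. Without
    this a comment such as  x"; sid:1;  would become rule syntax."""
    return text.replace("\\", "\\\\").replace('"', '\\"').replace(";", "\\;")


def _parse_ip(target: str):
    """Return an ip_address/ip_network object, or None if target is neither."""
    for parse in (ipaddress.ip_address,
                  lambda t: ipaddress.ip_network(t, strict=False)):
        try:
            return parse(target)
        except ValueError:
            continue
    return None


def set_gid(rule: str, gid: int = IMPORTER_GID) -> str:
    """Add gid to a rule that has none, or replace the gid it carries."""
    m = _RULE_RE.match(rule.strip())
    if not m:
        raise ValueError(f"not a parseable rule: {rule!r}")
    opts = m.group("opts").rstrip()
    if _GID_RE.search(opts):
        opts = _GID_RE.sub(f"gid:{gid};", opts, count=1)
    else:
        opts = f"{opts} gid:{gid};"
    return f"{m.group('head')}{opts})"


def entry_to_rule(target: str, comment: str, sid: int) -> str:
    """One blacklist entry -> one rule (without gid; set_gid adds it)."""
    note = f" - {comment}" if comment else ""
    ip = _parse_ip(target)
    if ip is not None:
        msg = _msg_text(f"Blacklisted address {ip}{note}")
        return f'alert ip any any <> {ip} any (msg:"{msg}"; sid:{sid}; rev:1;)'
    if _NAME_RE.match(target):
        # The regex guarantees target has no quote or semicolon, so it is
        # safe to place inside content:"...".
        msg = _msg_text(f"Blacklisted domain {target}{note}")
        return (f'alert dns any any -> any any (msg:"{msg}"; dns.query; '
                f'content:"{target}"; nocase; sid:{sid}; rev:1;)')
    raise ValueError(f"neither an IP address/network nor a DNS name: {target!r}")


def blacklist_to_rules(text: str, gid: int = IMPORTER_GID,
                       sid_base: int = SID_BASE):
    """Parse 'target;comment' lines. Returns (rules, rejected): a bad line
    is reported rather than silently turned into a broken rule file."""
    rules, rejected = [], []
    sid = sid_base
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        target, _, comment = line.partition(";")
        try:
            rule = entry_to_rule(target.strip(), comment.strip(), sid)
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
            continue
        rules.append(set_gid(rule, gid))
        sid += 1
    return rules, rejected


if __name__ == "__main__":
    rules, rejected = blacklist_to_rules(SAMPLE_BLACKLIST)
    print("\n".join(rules))
    for lineno, why in rejected:
        print(f"# line {lineno} rejected: {why}")
    # A pre-created rule from another source keeps its sid but gets our gid.
    print(set_gid('alert tcp any any -> any 22 (msg:"ssh"; gid:1; sid:5; rev:1;)'))
```

The sid counter only advances for accepted entries, so a rejected line does not leave a hole in the numbering, and every emitted rule ends with the importer's gid whether it was generated here or taken from a packaged set that already carried one.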
Properties
| Property | Value |
| --- | --- |
| Developer | SensorFleet Oy |
| Categories | Attack Detection, Traffic Analysis, IDS |
| Network access type | None |
| Required interfaces | None |
| Dependencies | Suricata IDS |
| Data retention | Stores the latest generated rule set in application RAM and the list of current Suricata IDS Instruments in persistent data. Does not store user-specific data. |
| Management UI | Yes |