Channel: Security Tools – Security List Network™

PulledPork v0.7.3 – Making signature updates great again!


PulledPork for Snort and Suricata rule management.
Features and Capabilities:
* Automated downloading, parsing, state modification and rule modification for all of your Snort rulesets.
* Checksum verification for all major rule downloads
* Automatic generation of updated sid-msg.map file
* Capability to include your local.rules in sid-msg.map file
* Capability to pull rules tarballs from custom urls
* Complete Shared Object support
* Complete IP Reputation List support
* Capability to download multiple disparate rulesets at once
* Maintains accurate changelog
* Capability to HUP processes after rules download and process
* Aids in tuning of rulesets
* Verbose output so that you know EXACTLY what is happening
* Minimal Perl Module dependencies
* Support for Suricata, and ETOpen/ETPro rulesets
* A sweet smokey flavor throughout the pork!

Special Notes Section
PulledPork applies the rule state modification files in a fixed order, which by default is:
1: enable
2: drop
3: disable
Rule text modifications (modifysid) run after these three state steps. The last state change applied wins, so with the default order disable always takes precedence: if the same gid:sid appears in both the enablesid and disablesid configuration files, that sid ends up disabled. Keep this in mind for ranges too, since a range in disablesid.conf silently overrides individual sids listed in enablesid.conf. You can specify a different order with the state_order keyword in the master config file (for example state_order=disable,drop,enable, which makes enable win instead).
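The precedence rule above is easiest to see by running the three steps in code. The following is an added example, not PulledPork's own Perl; it assumes a constructed rules file and constructed enablesid/dropsid/disablesid contents, handles only the gid:sid and gid:sid-gid:sid range selectors (not the category or pcre: forms PulledPork also accepts), and assumes that a drop step also uncomments the rule it rewrites. Rules with no gid keyword are treated as gid 1, which is Snort's default.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample input (not from the page or from PulledPork):
# a tiny rules file plus the three state-modification files.
SAMPLE_RULES = """\
alert tcp any any -> any 80 (msg:"EXAMPLE one"; sid:1000001; rev:1;)
# alert tcp any any -> any 443 (msg:"EXAMPLE two"; sid:1000002; rev:1;)
alert tcp any any -> any 22 (msg:"EXAMPLE three"; sid:1000003; rev:1;)
alert udp any any -> any 53 (msg:"EXAMPLE four"; gid:1; sid:1000004; rev:1;)
"""
ENABLESID = "# enable one and two (two is currently commented out)\n1:1000001,1:1000002\n"
DROPSID = "1:1000003\n"
DISABLESID = "1:1000001-1:1000002\n"  # a range that also covers one and two

RULE_RE = re.compile(r'^(?P<off>#\s*)?(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<body>.*)$')
SID_RE = re.compile(r'\bsid:\s*(\d+)\s*;')
GID_RE = re.compile(r'\bgid:\s*(\d+)\s*;')
SidKey = Tuple[int, int]


def parse_sid_conf(text: str) -> Set[SidKey]:
    """Parse a disablesid/enablesid/dropsid style file: comma-separated
    gid:sid entries and gid:sid-gid:sid ranges, '#' starts a comment."""
    keys: Set[SidKey] = set()
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()
        if not line:
            continue
        for item in (i.strip() for i in line.split(',')):
            if not item:
                continue
            if '-' in item:
                lo, hi = item.split('-', 1)
                lo_gid, lo_sid = (int(x) for x in lo.split(':'))
                hi_gid, hi_sid = (int(x) for x in hi.split(':'))
                if lo_gid != hi_gid:
                    raise ValueError(f"range must stay within one gid: {item}")
                keys.update((lo_gid, s) for s in range(lo_sid, hi_sid + 1))
            else:
                gid, sid = (int(x) for x in item.split(':'))
                keys.add((gid, sid))
    return keys


def parse_rules(text: str) -> List[dict]:
    """Turn rule lines (commented-out ones included) into editable records."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        s = SID_RE.search(m['body'])
        if not s:
            continue
        g = GID_RE.search(m['body'])
        rules.append({
            'key': (int(g.group(1)) if g else 1, int(s.group(1))),
            'action': m['action'],
            'body': m['body'],
            'disabled': m['off'] is not None,
        })
    return rules


# What each state step does to a matching rule (drop is assumed to uncomment).
STEPS = {
    'enable': lambda r: r.update(disabled=False),
    'drop': lambda r: r.update(disabled=False, action='drop'),
    'disable': lambda r: r.update(disabled=True),
}


def apply_state(rules_text: str, enable: str, drop: str, disable: str,
                state_order='enable,drop,disable') -> List[dict]:
    """Apply the three state files in state_order; later steps overwrite earlier ones."""
    if isinstance(state_order, str):
        state_order = tuple(s.strip() for s in state_order.split(','))
    rules = parse_rules(rules_text)
    selected = {'enable': parse_sid_conf(enable),
                'drop': parse_sid_conf(drop),
                'disable': parse_sid_conf(disable)}
    for step in state_order:
        if step not in STEPS:
            raise ValueError(f"unknown state_order step: {step}")
        for r in rules:
            if r['key'] in selected[step]:
                STEPS[step](r)
    return rules


def final_states(rules: List[dict]) -> Dict[SidKey, str]:
    """Summarise each rule as 'disabled' or its resulting action keyword."""
    return {r['key']: 'disabled' if r['disabled'] else r['action'] for r in rules}


def render(rules: List[dict]) -> str:
    """Write the rules back out the way PulledPork would: '# ' prefix when disabled."""
    return ''.join(('# ' if r['disabled'] else '') + f"{r['action']} {r['body']}\n" for r in rules)


if __name__ == '__main__':
    print("default order (enable,drop,disable):")
    print(render(apply_state(SAMPLE_RULES, ENABLESID, DROPSID, DISABLESID)))
    print("state_order=disable,drop,enable:")
    print(render(apply_state(SAMPLE_RULES, ENABLESID, DROPSID, DISABLESID,
                             state_order='disable,drop,enable')))
```

With the default order, sids 1000001 and 1000002 are enabled first and then disabled again by the range in disablesid.conf, so both end up commented out; with state_order=disable,drop,enable the enable step runs last and both are live. Sid 1000003 becomes a drop rule either way. The lesson for a real deployment is to diff the rendered output (or PulledPork's changelog) after every run rather than trusting the intent of the individual conf files.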

Usage and Download:

Install the Crypt::SSLeay Perl module, which PulledPork needs for HTTPS rule downloads (package names differ by distribution):

pacman -S perl-crypt-ssleay           # Arch
yum install perl-Crypt-SSLeay         # RHEL/CentOS/Fedora
apt-get install libcrypt-ssleay-perl  # Debian/Ubuntu

git clone https://github.com/shirkdog/pulledpork && cd pulledpork
perl pulledpork.pl -h

Example run: -o is the output rules path, -O your oinkcode (the value below is a placeholder), -u the rules tarball URL, -i your disablesid.conf, -T processes text rules only (no shared-object rules) and -H sends a HUP to the processes listed in the config once the new rules are written. Fetch the tarball over HTTPS so the download cannot be tampered with in transit:

perl pulledpork.pl -o /usr/local/etc/snort/rules/ -O 12345667778523452344234234 \
-u https://www.snort.org/reg-rules/snortrules-snapshot-2973.tar.gz -i disablesid.conf -T -H

Source: https://github.com/shirkdog

