
Comments (10)

DigiAngel avatar DigiAngel commented on May 28, 2024

Correction, that's the signature field..I have it named as ids_alert :)

from py-idstools.

jasonish avatar jasonish commented on May 28, 2024

Are you pointing the script at the full rules, or just the sig-msg.map?


DigiAngel avatar DigiAngel commented on May 28, 2024

Oh...I'm pointing it everywhere :)

/usr/bin/python /opt/py-idstools/bin/idstools-u2eve -C /opt/etc/snort/classification.config -S /opt/etc/snort/sid-msg.map -G /opt/etc/snort/gen-msg.map --bookmark --follow --directory /opt/var/log/bleh --prefix bleh --packet-printable --output /tmp/blehunified.json

Every other rule shows up fine, but just not the SN: ones.


jasonish avatar jasonish commented on May 28, 2024

Can you check your sid-msg.map and make sure the rule message is correct there? I've added unit tests to the rule, and sid-msg.map parser and am not able to replicate this.


DigiAngel avatar DigiAngel commented on May 28, 2024

As it appears in the sid-msg.map:

71918985 || SN || url,https

Sparse, to be sure ;) Thanks Jason.

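An added example (my own code, not part of py-idstools or this thread): a small checker for the v1 sid-msg.map layout shown above (`sid || msg || ref,...`) that parses each entry and flags ones like `71918985 || SN || url,https`, where the message has collapsed to a bare token and the url reference has no host. The sample map and the "looks truncated" heuristics are constructed assumptions, not rules from the project.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: one healthy entry plus the sparse entry from the thread.
SAMPLE_MAP = """\
# sid-msg.map (v1 layout: sid || msg || ref || ref ...)
2100498 || GPL ATTACK_RESPONSE id check returned root || url,docs.example.com/sid/2100498
71918985 || SN || url,https
"""

# A reference is "type,value", e.g. "url,docs.example.com/sid/2100498".
REF_RE = re.compile(r"^(?P<type>[A-Za-z0-9_-]+),(?P<value>.+)$")


@dataclass
class Entry:
    sid: int
    msg: str
    refs: list = field(default_factory=list)
    problems: list = field(default_factory=list)


def parse_sid_msg_map(text):
    """Parse v1 sid-msg.map text into Entry objects, recording problems per entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("||")]
        if len(parts) < 2 or not parts[0].isdigit():
            entries.append(Entry(sid=-1, msg=line, problems=[f"line {lineno}: unparseable"]))
            continue
        e = Entry(sid=int(parts[0]), msg=parts[1], refs=parts[2:])
        # Heuristic (assumption): a message shorter than 4 characters, such as a
        # bare "SN", is almost certainly a truncated "SN: ..." rule message.
        if len(e.msg) < 4:
            e.problems.append(f"message {e.msg!r} looks truncated")
        for ref in e.refs:
            m = REF_RE.match(ref)
            if not m:
                e.problems.append(f"malformed reference {ref!r}")
            elif m.group("type") == "url" and "." not in m.group("value"):
                # Heuristic (assumption): "url,https" has lost everything after the scheme.
                e.problems.append(f"url reference without a host: {ref!r}")
        entries.append(e)
    return entries


def suspicious_sids(text):
    """Return the SIDs whose map entries have at least one recorded problem."""
    return [e.sid for e in parse_sid_msg_map(text) if e.problems]
```

Run it over a real sid-msg.map before pointing idstools-u2eve at it; any SID it reports is a candidate for the missing-message symptom seen in this thread.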

jasonish avatar jasonish commented on May 28, 2024

What created your sid-msg.map?


DigiAngel avatar DigiAngel commented on May 28, 2024


jasonish avatar jasonish commented on May 28, 2024

Ok, might want to raise a bug over there. In the meantime you could use idstools-gensidmsgmap to regenerate your sid-msg.map file. Something like:

idstools-gensidmsgmap ./rules ./so_rules ./preproc_rules > sid-msg.map


jasonish avatar jasonish commented on May 28, 2024

Closing as not an idstools issue, but I did add tests for these cases.


DigiAngel avatar DigiAngel commented on May 28, 2024

Ok cool thanks Jason.

