We have a tool that was written in Python that is meant to try and convert a Suricata 5 formatted rule into a Snort rule, because we have to support both. It was called musketeer.
It has since been unmaintained, because it was considered way too much trouble.
I grabbed it before it was axed, made a couple of very minor changes, and renamed it janksketeer. Because I'm not a good programmer, the shit I do is really jank. It's not perfect, but it gets close enough to give me the scaffolding I need to either hang myself or make something that works.

-
@da_667 you should s/janksketeer/janksteeter/g and see who notices

-
@da_667
I love how the intro to Suricata is "it's like Snort but multi thread!" And then the more you look the more you realize that Suricata and Snort are like Frisian vs Dutch
-
@da_667 Do you happen to have a URL for the original source repo of Musketeer?
-
@InvertedLina it's an internal tool, but... most of its code was integrated in with IoT_Hunter to auto-convert Suri5 IoT rules in a very similar manner. https://github.com/EmergingThreats/iot-hunter