Hi,
We’re thinking of building our own suricata rules repository that can be used in all suricata installations based on our expertise in the cyber security field. What is the process of building and registering our rules repository?
T.I.A,
Yuval
I don’t know of any formal process to do that; it would probably be fine if you just pick a SID range that does not conflict with ET and publish the rules.
As mentioned, pick a SID allocation. You could go here, GitHub - sidallocation/sidallocation.org: Sid Allocation working group, and open an issue for a range, which could help avoid conflicts.
The next step would be to publish your rules somewhere, ideally in a .tar.gz file that follows the layout of Emerging Threats, then create an issue here, GitHub - OISF/suricata-intel-index: Suricata rule and intel index, or even just announce your ruleset here in this forum and we’ll get it added to the index.
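The two steps the replies describe (stay inside an allocated SID range, then publish a .tar.gz) are easy to get wrong by hand once a rule set grows, so here is a small packaging script as an added example. It is not code from this thread, from OISF, or from Emerging Threats. It assumes a hypothetical allocation of 9000000-9099999 (a real range comes from the sidallocation.org issue you open), uses constructed sample rules, and places the rules under a top-level rules/ directory in the archive, which is the layout suricata-update consumes from the ET tarball; the sample rules and file names are illustrative only.

```python
"""Lint a Suricata rule file against an allocated SID range, then pack it as
rules/<name>.rules inside a .tar.gz so it can be listed in an intel index.

Added example, not code from the forum thread, OISF or Emerging Threats.
Assumptions: the SID allocation below is hypothetical, the sample rules are
constructed, and a top-level rules/ directory is the expected tarball layout.
"""
import io
import re
import tarfile
from collections import Counter

# Hypothetical allocation; replace with the range granted by sidallocation.org.
SID_MIN, SID_MAX = 9_000_000, 9_099_999

# Matches the sid keyword of a rule, e.g. "sid:9000001;".
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample rules for this example (not real ET or vendor rules).
# Lines 4 and 5 are deliberately wrong to exercise the linter.
SAMPLE_RULES = "\n".join([
    'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE Outbound test user-agent"; flow:established,to_server; http.user_agent; content:"example-agent/1.0"; classtype:trojan-activity; sid:9000001; rev:1;)',
    'alert dns any any -> any any (msg:"EXAMPLE DNS query for constructed test domain"; dns.query; content:"example-c2.test"; nocase; classtype:trojan-activity; sid:9000002; rev:1;)',
    '#alert tcp any any -> any any (msg:"EXAMPLE disabled rule is skipped"; sid:9000003; rev:1;)',
    'alert tcp any any -> any 4444 (msg:"EXAMPLE SID outside our allocation"; classtype:trojan-activity; sid:2000001; rev:1;)',
    'alert tcp any any -> any 4445 (msg:"EXAMPLE duplicate SID"; classtype:trojan-activity; sid:9000001; rev:1;)',
])


def parse_sids(rules_text):
    """Return [(line_number, sid)] for every active rule.

    Blank lines and commented-out rules are skipped; a rule with no sid
    keyword is reported with sid None so the linter can flag it.
    """
    found = []
    for lineno, line in enumerate(rules_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = SID_RE.search(stripped)
        found.append((lineno, int(m.group(1)) if m else None))
    return found


def lint_sids(rules_text, sid_min=SID_MIN, sid_max=SID_MAX):
    """Return a list of problem strings; an empty list means the set is publishable."""
    problems = []
    entries = parse_sids(rules_text)
    for lineno, sid in entries:
        if sid is None:
            problems.append(f"line {lineno}: rule has no sid")
        elif not (sid_min <= sid <= sid_max):
            problems.append(f"line {lineno}: sid {sid} outside allocation {sid_min}-{sid_max}")
    # A SID reused inside the set would collide with itself on load.
    counts = Counter(sid for _, sid in entries if sid is not None)
    for sid, n in sorted(counts.items()):
        if n > 1:
            problems.append(f"sid {sid} used {n} times")
    return problems


def build_ruleset(name, rules_text, sid_min=SID_MIN, sid_max=SID_MAX):
    """Lint, then return the bytes of a .tar.gz holding rules/<name>.rules."""
    problems = lint_sids(rules_text, sid_min, sid_max)
    if problems:
        raise ValueError("refusing to package: " + "; ".join(problems))
    payload = rules_text.encode("utf-8")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(name=f"rules/{name}.rules")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def list_rules_files(tarball_bytes):
    """Names of the .rules members in a tarball produced by build_ruleset."""
    with tarfile.open(fileobj=io.BytesIO(tarball_bytes), mode="r:gz") as tar:
        return [m.name for m in tar.getmembers() if m.name.endswith(".rules")]


if __name__ == "__main__":
    for problem in lint_sids(SAMPLE_RULES):
        print("PROBLEM:", problem)
    # Package only the clean rules (first three lines of the sample).
    clean = "\n".join(SAMPLE_RULES.splitlines()[:3])
    with open("example.rules.tar.gz", "wb") as f:
        f.write(build_ruleset("example", clean))
```

Run it as-is and it reports the out-of-range SID on line 4 and the duplicate SID on line 5, then writes example.rules.tar.gz from the clean rules. Before publishing, also load the file with `suricata -T -S rules/example.rules` so the engine itself validates the syntax; the linter above only guards the SID bookkeeping, not rule correctness.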