Snort mailing list archives
Re: rules management tools
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Thu, 31 Mar 2011 12:32:00 -0400
On Thu, 31 Mar 2011 13:05:23 -0300, CleBeer wrote:
I am thinking of something like base with a web UI; this way we don't create a dependency on desktop OSes. Another idea is to port the ruleset to a database and make a script that creates the ruleset files by reading the database. What do you guys think about it?
This aligns somewhat with our new rule management system that is currently in development. That is, we manage the rules in a database and produce the individual rule files from queries to the database. We are incorporating many other things to go along with the system (everything that revolves around rule creation, testing, sid assignment, revision increments, rule deletions, modifications, cross-referencing, other internal processes, etc.), which unfortunately makes our schema rather large and considerably more complex than a tool like you are suggesting would require.

Having said that, for simple rule maintenance tasks a database schema should be relatively simple to create. Using a database would certainly make the creation of a GUI easier to accomplish, and for cross-platform purposes the web UI would more than likely be the best choice. (I would write it in Perl, but Python would be good too.)

It would also require the creation of a tool to import the data into the database after using something like Pulled Pork to download. The best thing to do would be to create a patch for Pulled Pork to do this work once the schema is written; that way there is one tool to download the rules and put them into the storage area for management purposes. I'm sure JJ would welcome the addition of this feature to Pulled Pork. The functionality to edit Pulled Pork configuration within the rule management tool would also prove useful to many as well. :D

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/
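As an added illustration of the database-backed approach discussed in this thread (example code, not from Sourcefire, Pulled Pork or either poster), a minimal Python/SQLite sketch: rules are parsed for sid, rev and msg, imported with revision-increment handling, a local enable flag is kept beside each rule, and the rule file is regenerated from a query. The sample rules, schema and function names are all constructed for this example.

```python
import re
import sqlite3
# Constructed sample ruleset for this example (not from the thread); sids are placeholders.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE web probe"; content:"GET /probe"; sid:1000001; rev:1;)
alert udp any any -> $HOME_NET 53 (msg:"EXAMPLE dns test"; content:"|00 01 00 00|"; sid:1000002; rev:2;)
"""
OPT_RE = re.compile(r'\b(sid|rev|msg):\s*("[^"]*"|[^;]*);')  # only the fields the schema tracks

def parse_rule(line):
    """Pull sid, rev and msg out of one rule line; None for blank or comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    opts = {k: v.strip('"') for k, v in OPT_RE.findall(line)}
    return {"sid": int(opts["sid"]), "rev": int(opts.get("rev", 1)),
            "msg": opts.get("msg", ""), "rule": line}

def open_db():
    """Minimal schema: one row per sid, the latest rev seen, plus a local enable flag."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE rules (sid INTEGER PRIMARY KEY, rev INTEGER NOT NULL, "
               "msg TEXT, rule TEXT NOT NULL, enabled INTEGER NOT NULL DEFAULT 1)")
    return db

def import_rules(db, text):
    """Insert new sids, replace rule text when rev increases, ignore older or equal revs."""
    changed = 0
    for line in text.splitlines():
        r = parse_rule(line)
        if r is None:
            continue
        row = db.execute("SELECT rev FROM rules WHERE sid=?", (r["sid"],)).fetchone()
        if row is None:
            db.execute("INSERT INTO rules (sid, rev, msg, rule) VALUES (?, ?, ?, ?)",
                       (r["sid"], r["rev"], r["msg"], r["rule"]))
            changed += 1
        elif r["rev"] > row[0]:
            db.execute("UPDATE rules SET rev=?, msg=?, rule=? WHERE sid=?",
                       (r["rev"], r["msg"], r["rule"], r["sid"]))
            changed += 1
    db.commit()
    return changed  # number of rows inserted or updated

def set_enabled(db, sid, enabled):  # local policy lives beside the rule, so it survives re-imports
    db.execute("UPDATE rules SET enabled=? WHERE sid=?", (1 if enabled else 0, sid))

def export_rules(db):
    """Regenerate the rule file from the database."""
    rows = db.execute("SELECT rule, enabled FROM rules ORDER BY sid")  # disabled rules come out commented
    return "".join((rule if on else "# " + rule) + "\n" for rule, on in rows)
```

In a real deployment the import step would be the hook a Pulled Pork patch calls after download, and the export output is what Snort reads.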
Current thread:
- rules management tools Pat John (Mar 31)
- Re: rules management tools Joel Esler (Mar 31)
- Re: rules management tools Nigel Houghton (Mar 31)
- Re: rules management tools CleBeer (Mar 31)
- Re: rules management tools beenph (Mar 31)
- Re: rules management tools Nigel Houghton (Mar 31)
- Re: rules management tools Nigel Houghton (Mar 31)
- Re: rules management tools Joel Esler (Mar 31)
- Re: rules management tools Crusty Saint (Mar 31)