{"id":20683319,"url":"https://github.com/oisf/suricata-update","last_synced_at":"2025-05-15T00:13:46.199Z","repository":{"id":26510806,"uuid":"109008451","full_name":"OISF/suricata-update","owner":"OISF","description":"The tool for updating your Suricata rules.","archived":false,"fork":false,"pushed_at":"2025-04-08T22:56:25.000Z","size":5226,"stargazers_count":270,"open_issues_count":12,"forks_count":96,"subscribers_count":23,"default_branch":"master","last_synced_at":"2025-05-10T23:32:33.684Z","etag":null,"topics":["ids","ips","network-monitoring","nsm","security","suricata"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OISF.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-10-31T14:35:39.000Z","updated_at":"2025-04-14T19:51:36.000Z","dependencies_parsed_at":"2023-02-16T10:15:39.891Z","dependency_job_id":"28c9cc0e-f637-47a8-91ad-282d71ea28db","html_url":"https://github.com/OISF/suricata-update","commit_stats":{"total_commits":339,"total_committers":25,"mean_commits":13.56,"dds":0.5486725663716814,"last_synced_commit":"ee45098178b0059b0efccbac781caa613c4c8d55"},"previous_names":[],"tags_count":34,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OISF%2Fsuricata-update","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OISF%2Fsuricata-update/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repos
itories/OISF%2Fsuricata-update/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OISF%2Fsuricata-update/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OISF","download_url":"https://codeload.github.com/OISF/suricata-update/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254249206,"owners_count":22039029,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ids","ips","network-monitoring","nsm","security","suricata"],"created_at":"2024-11-16T22:16:16.457Z","updated_at":"2025-05-15T00:13:41.018Z","avatar_url":"https://github.com/OISF.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"Suricata-Update\n===============\n\nThe tool for updating your Suricata rules.\n\nInstallation\n------------\n\n    pip install --upgrade suricata-update\n\nDocumentation\n-------------\n\nhttps://suricata-update.readthedocs.io/en/latest/\n\nIssues\n------\n\nhttps://redmine.openinfosecfoundation.org/projects/suricata-update\n\nExample Usage\n-------------\n\n    suricata-update\n\nThe default invocation of ``suricata-update`` will perform the following:\n\n- Read the configuration, /etc/suricata/update.yaml, if it exists.\n- Read in the rule filter configuration files:\n\n  - /etc/suricata/disable.conf\n  - /etc/suricata/enable.conf\n  - /etc/suricata/drop.conf\n  - /etc/suricata/modify.conf\n\n- Download the best version of the Emerging Threats Open ruleset for\n  the version of Suricata found.\n- Read in the rule files provided 
with the Suricata distribution from\n  /etc/suricata/rules.\n- Apply disable, enable, drop and modify filters.\n- Resolve flowbits.\n- Write the rules to /var/lib/suricata/rules/suricata.rules.\n\nIf you are not yet ready to use /var/lib/suricata/rules then you may\nbe interested in the `--output\n\u003chttp://suricata-update.readthedocs.io/en/latest/#cmdoption-o\u003e`_ and\n`--no-merge\n\u003chttp://suricata-update.readthedocs.io/en/latest/#cmdoption-o\u003e`_\ncommand line options.\n\nSuricata Configuration\n----------------------\n\nThe default Suricata configuration needs to be updated to find the rules\nin the new location.\n\nExample suricata.yaml\n\n.. code-block:: yaml\n\n  default-rule-path: /var/lib/suricata/rules\n  rule-files:\n    - suricata.rules\n\nAlternatively, ``-S /var/lib/suricata/rules/suricata.rules`` can be\nprovided on the Suricata command line.\n\nNotes\n-----\n\nThe ``suricata-update`` tool is based around the idea that\n``/etc/suricata`` should not be used for active rule management, but\nas a location for more or less static configuration.  Instead,\n``/var/lib/suricata`` is used for rule management and\n``/etc/suricata/rules`` is used as a source for rule files provided by\nthe Suricata distribution.\n\nFiles and Directories\n---------------------\n\n``/usr/share/suricata/rules``\n   Used as a source of rules provided by the Suricata engine. 
If this\n   directory does not exist, ``/etc/suricata/rules`` will be used.\n\n``/etc/suricata/update.yaml``\n  The default location for the ``suricata-update`` configuration file.\n\n``/etc/suricata/disable.conf``\n  Default location for disable rule filters if not provided in the\n  configuration file or command line.\n\n``/etc/suricata/enable.conf``\n  Default location for enable rule filters if not provided in the\n  configuration file or command line.\n\n``/etc/suricata/drop.conf``\n  Default location for drop rule filters if not provided in the\n  configuration file or command line.\n\n``/etc/suricata/modify.conf``\n  Default location for modify rule filters if not provided in the\n  configuration file or command line.\n\n``/var/lib/suricata/rules``\n  The output directory for rules processed by the ``suricata-update``\n  tool. This directory is owned and managed by ``suricata-update`` and\n  should not be touched by the user.\n\n``/var/lib/suricata/rules/suricata.rules``\n  The default output filename for the rules processed by ``suricata-update``.\n\n  This is a single file that contains all the rules from all input\n  files and should be used by Suricata.\n\n``/var/lib/suricata/update/cache``\n  Directory where downloaded rule files are cached.\n\n``/var/lib/suricata/rules/cache/index.yaml``\n  Cached copy of the rule source index.\n\n``/var/lib/suricata/update/sources``\n  Configuration directory for sources enabled or added with\n  ``enable-source`` or ``add-source``.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foisf%2Fsuricata-update","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foisf%2Fsuricata-update","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foisf%2Fsuricata-update/lists"}