[Zeek] Converting Rule suricata to zeek

Vincenzo vincyforce at gmail.com
Thu Apr 23 05:35:33 PDT 2020


I am working on a Suricata signature converter that converts them for
Zeek, starting from this development https://github.com/adi928/brocata
(which currently does not work), and I am doing various bug fixes and
expanding it.
But I have only one problem: it concerns the conversion of the rules
containing the Suricata pcre into expressions compatible with Zeek ("flex").
Has anyone ever approached this development, and could you give me some
advice?

Does anyone know of other developments for this purpose?