nbb-suricata-rules
Get Suricata rules from Quad Miners Network Blackbox.
nbb-suricata-rules [profile=PROFILE] [id=ID]
- profile=PROFILE
  - The identifier of the Network Blackbox connect profile.
- id=ID
  - Comma-separated ID values.
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| profile | String | Connect profile | The identifier of the Network Blackbox connect profile |
| signature_id | Integer | Signature ID | e.g. 2028828 |
| signature | String | Signature | e.g. ET JA3 Hash - Suspected Meterpreter Reverse Shell M1 (set) |
| is_enabled | Bool | Is enabled | |
| is_custom | Bool | Is custom | |
| category | String | Category | e.g. command-and-control |
| src_net | String | Source net | e.g. $HOME_NET |
| src_port_range | String | Source port range | e.g. any |
| dst_net | String | Destination net | e.g. $EXTERNAL_NET |
| dst_port_range | String | Destination port range | e.g. any |
| app | String | App | e.g. tls |
| action | String | Action | e.g. alert |
| reference | String | Reference | e.g. cve,2010-3595 |
| updated | Date | Updated at | |