Suricata IDS/IPS rule to CSV

Started by MartinCCSS, April 22, 2025, 10:08:35 PM

I would find it helpful if I could export the 'Rules' tab to CSV, listing which rules are enabled. Mostly for comparing the rules on different firewalls, which is something I find myself wanting when reviewing the rules on multiple firewalls.

Quote from: MartinCCSS on April 22, 2025, 10:08:35 PM
I would find it helpful if I could export the 'Rules' tab to CSV, listing which rules are enabled. Mostly for comparing the rules on different firewalls, which is something I find myself wanting when reviewing the rules on multiple Geometry Dash firewalls.
Hi MartinCCSS!
You can try OPNsense's official REST API to get the firewall configuration, in which you can access the rule list. I'm not sure, hope it helps!

Different rulesets are not compatible, say Snort and OPNsense. You can manually download the rules via SFTP into the router.

May 09, 2025, 10:57:57 PM #3 Last Edit: May 09, 2025, 11:40:51 PM by MartinCCSS
Quote from: AishaHarvey on April 24, 2025, 09:49:50 AM
Quote from: MartinCCSS on April 22, 2025, 10:08:35 PM
I would find it helpful if I could export the 'Rules' tab to CSV, listing which rules are enabled. Mostly for comparing the rules on different firewalls, which is something I find myself wanting when reviewing the rules on multiple Geometry Dash firewalls.
Hi MartinCCSS!
You can try OPNsense's official REST API to get the firewall configuration, in which you can access the rule list. I'm not sure, hope it helps!

Thanks for the suggestion. I'm not sure if the suggestion will be useful yet, since I'll need to learn REST APIs first, but I notice that Suricata / Intrusion Detection doesn't seem to be missing from the REST API documentation. Correction, I found it in the reference.

I wonder if Suricata has any command line options that I can use.
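
The export and comparison asked for in this thread can also be done offline from rule files copied off each firewall (for instance via SFTP, as mentioned above). The following is an added example, not part of the thread and not OPNsense or Suricata code; it assumes a disabled rule appears in the file as a commented-out rule line. The sample rules and the names `parse_rules`, `to_csv` and `compare` are constructed for illustration.

```python
import csv, io, re

# Constructed sample rule files for two firewalls (not taken from the thread).
FW_A = """\
alert http any any -> any any (msg:"Constructed rule one"; sid:1000001; rev:1;)
# alert tcp any any -> any any (msg:"Constructed rule, two"; sid:1000002; rev:3;)
# plain comment, not a rule
drop dns any any -> any any (msg:"Constructed rule three"; sid:1000003; rev:2;)
"""
FW_B = """\
alert http any any -> any any (msg:"Constructed rule one"; sid:1000001; rev:1;)
alert tcp any any -> any any (msg:"Constructed rule, two"; sid:1000002; rev:3;)
"""

# Assumption: a rule line commented out with '#' is a disabled rule.
RULE = re.compile(r'^(#\s*)?(alert|pass|drop|reject(?:src|dst|both)?)\s[^(]*\((.*)\)\s*$')

def parse_rules(text):
    """Map sid -> {sid, enabled, action, msg} for every rule line in text."""
    rules = {}
    for line in text.splitlines():
        m = RULE.match(line.strip())
        sid = m and re.search(r'\bsid\s*:\s*(\d+)', m.group(3))
        if not sid:
            continue  # blank line, ordinary comment, or rule without a sid
        msg = re.search(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"', m.group(3))
        n = int(sid.group(1))
        rules[n] = {"sid": n, "enabled": m.group(1) is None,
                    "action": m.group(2), "msg": msg.group(1) if msg else ""}
    return rules

def to_csv(rules):
    """Render parsed rules as CSV text, sorted by sid."""
    out = io.StringIO()
    w = csv.DictWriter(out, fieldnames=["sid", "enabled", "action", "msg"], lineterminator="\n")
    w.writeheader()
    w.writerows(rules[s] for s in sorted(rules))
    return out.getvalue()

def compare(a, b):
    """List (sid, state_a, state_b) for every sid where the two firewalls disagree."""
    def state(r, s):
        return "absent" if s not in r else ("enabled" if r[s]["enabled"] else "disabled")
    return [(s, state(a, s), state(b, s)) for s in sorted(a.keys() | b.keys())
            if state(a, s) != state(b, s)]

if __name__ == "__main__":
    print(to_csv(parse_rules(FW_A)), end="")
    print(compare(parse_rules(FW_A), parse_rules(FW_B)))
```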