signatures
Community Detection Signature Build and Distribution Pipeline for YARA, Suricata, Snort and Sigma
Signatures
This repository is designed to provide a way to create and distribute detection signatures easily.
Get creative with your own detection solutions, completely unencumbered by license limitations.
To help combat evil, we firmly commit our work to the public domain for the greater good of the world. :tada:
Downloading Compiled Signatures
- Sign in to GitHub (build artifacts can only be downloaded while signed in)
- Go to the Actions tab
- Download the latest build from the master branch
Dependencies
sudo apt update
sudo apt install make parallel docker.io jq
sudo usermod -a -G docker $USER
sudo systemctl enable docker
sudo reboot
Note that membership in the docker group is equivalent to root on the host (any member can start a container that mounts the host filesystem), so only grant it on a machine you treat as a dedicated build host. The reboot is only there to pick up the new group membership; logging out and back in does the same.
Building Signatures
- All signatures will be stored in build/
- Bump builds use an existing build but compile with the target version
- Multiple versions of anything can be supported!
- Use CI/CD to make it your own
Building Suricata Signatures
make suricata-docker version=suricata-6.0.5
make suricata-docker-build version=suricata-6.0.5
Building YARA Signatures
make yara-docker version=yara-4.2.0
make yara-docker-build version=yara-4.2.0
Building Sigma Signatures
make sigma-docker version=sigma-0.20
make sigma-docker-build version=sigma-0.20 threads=4
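The build sections above run two make targets per engine version, and the list at the top of this section says multiple versions can be built and that the pipeline is meant to be wired into CI/CD. The following wrapper is an added example, not a script from this repository: it builds one signature family for several versions in parallel, keeps one log per version under build/, and reports failure only after every version has finished. It assumes the make targets shown in this README (<family>-docker followed by <family>-docker-build) and the version tag format used there (e.g. yara-4.2.0); that the first target prepares the Docker image and the second compiles with it is an assumption here, not something the README states. Setting DRY_RUN=1 echoes the make commands instead of running them, which is useful for checking a version matrix before committing to a long build.

```bash
#!/usr/bin/env bash
# Added example (not part of this repository): build one signature family for
# several engine versions at once, one log per version, and report failure
# only after all of them have finished. Assumes the make targets shown in the
# README (<family>-docker and <family>-docker-build) and its version tag
# format (e.g. yara-4.2.0). DRY_RUN=1 echoes the make commands instead of
# running them.
set -euo pipefail

# Run one make target, or just echo it when DRY_RUN is set.
run_make() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "make $*"
    else
        make "$@"
    fi
}

# Run the two make targets the README uses for one family/version pair
# (assumed here to prepare the image, then compile the signatures with it).
# All output goes to build/<version>.log so parallel builds do not interleave.
build_one() {
    local family="$1" version="$2"
    local log="build/${version}.log"
    mkdir -p build
    {
        run_make "${family}-docker" "version=${version}" &&
        run_make "${family}-docker-build" "version=${version}"
    } >"$log" 2>&1
}

# Build every listed version of a family in parallel; returns non-zero if any
# version failed, but only after every build has finished.
# Usage: build_versions yara yara-4.2.0 yara-4.3.0
build_versions() {
    local family="$1"; shift
    [ "$#" -gt 0 ] || { echo "usage: build_versions <family> <version>..." >&2; return 2; }
    local pids=() versions=() failed=0 version i
    for version in "$@"; do
        build_one "$family" "$version" &
        pids+=("$!"); versions+=("$version")
    done
    for i in "${!pids[@]}"; do
        if wait "${pids[$i]}"; then
            echo "ok   ${versions[$i]} (log: build/${versions[$i]}.log)"
        else
            echo "FAIL ${versions[$i]} (log: build/${versions[$i]}.log)" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Command-line use: ./build-versions.sh yara yara-4.2.0 yara-4.3.0
if [ "$#" -gt 0 ]; then
    build_versions "$@"
fi
```

Run it from the repository root so that make finds the Makefile and the logs land in the same build/ directory the README points at. Because the engines differ in how long they take to build, checking the per-version log is the fastest way to see which step failed when the summary prints FAIL.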
Packaging Signatures
To package signatures use the following.
Package Targets
make package-targets
Package All
make package
Contributing
If you wish to submit your signatures to the repository please have a look at CONTRIBUTING.md for our style and contribution guidelines.