Adding IDS Rules Export

To add a new IDS Rules export, follow the steps below:

  1. Navigate to the “Exports” tab by clicking on the “Settings” link in the sidebar.

  2. Click on the “Exports” tab.

  3. Click on the “Add Export” button.

  4. Enter the export name. This name will be used to identify the export in the exports list.

  5. Select the export type. In this case, select “IDS Rules”.

  6. Select the export format. IDSTower supports exporting IDS Rules in two formats:

     - Text format, which is the standard Suricata/Snort IDS Rules format.
     - STIX 2.1 format, which is a JSON format used in TAXII-based Threat Intelligence Platforms.

    In this guide, we will select the “Text” format.

  7. Choose the IDS Rules Transformation settings that you want applied to this export. You can either use the default settings (found under Settings -> Rules) or customize them for this export.

    For this guide, we will use the default settings.

  8. Choose the IDS Rules Filtration settings that you want applied to this export. You can either use the default settings (exporting all enabled IDS Rules) or customize them for this export.

    For this guide, we will use custom settings to export only the rules that are in the “Malware” category.

    [Figure: IDS Rules export filtration settings]

  9. Click on the “Add” button to save the export.

  10. Now you can see the newly added export in the exports list.

  11. Click on the “View” link under the “Export URL” column to view the exported IDS Rules. You can now use this URL to download the IDS Rules file in any Suricata instance.

    Note

    The export might take some time to generate, depending on the number of IDS Rules and the transformation settings. Once it is generated, it will be cached and served instantly.

    Note

    You can disable the export by clicking on the “Enable/Disable” button. This stops the export from being generated and served. You can enable it again by clicking on the “Enable” button.
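
One way to consume the export URL from step 11 on a Suricata sensor, as an added example that is not part of the IDSTower documentation: it downloads the text-format export, checks that the response is a rules file, lets Suricata test it, and only then installs and reloads it. `EXPORT_URL` and `RULES_FILE` are placeholders, and the script assumes one rule per line and that `curl`, `suricata` and `suricatasc` are available on the sensor.

```shell
#!/bin/sh
# Added example. EXPORT_URL and RULES_FILE are placeholders (assumptions);
# replace them with the "Export URL" from the exports list and your rules path.
EXPORT_URL="${EXPORT_URL:-https://idstower.example/EXPORT-URL-PLACEHOLDER}"
RULES_FILE="${RULES_FILE:-/var/lib/suricata/rules/idstower-malware.rules}"
ACTIONS='(alert|drop|pass|reject(src|dst|both)?)'

# Count lines shaped like a Suricata/Snort rule: "<action> ... (... sid:N; ...)".
# Assumes one rule per line (no backslash continuations).
count_rules() {
    grep -Ec "^[[:space:]]*${ACTIONS}[[:space:]].*\(.*sid:[[:space:]]*[0-9]+;.*\)[[:space:]]*\$" "$1" || true
}

# Accept the file only if it has at least one rule and every other line is
# blank or a comment. This rejects an empty body or an HTML error/login page.
looks_like_rules() {
    [ "$(count_rules "$1")" -gt 0 ] || return 1
    ! grep -Evq "^[[:space:]]*(#.*)?\$|^[[:space:]]*${ACTIONS}[[:space:]]" "$1"
}

# The first request can be slow while the export is generated, so allow a long
# timeout and retries; --fail makes HTTP errors return a non-zero exit status.
fetch_export() {
    curl --fail --silent --show-error --location \
         --max-time 300 --retry 3 --retry-delay 10 \
         --output "$2" "$1"
}

update_rules() {
    tmp="$(mktemp)" || return 1
    trap 'rm -f "$tmp"' EXIT
    fetch_export "$EXPORT_URL" "$tmp" || return 1
    looks_like_rules "$tmp" || { echo "download is not a rules file" >&2; return 1; }
    # Have Suricata parse the new file in test mode before it replaces the live one.
    suricata -T -S "$tmp" >/dev/null || return 1
    install -m 0644 "$tmp" "$RULES_FILE" || return 1
    suricatasc -c reload-rules
}

# Run the update only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--update" ]; then
    update_rules
fi
```

Because a disabled export is no longer served, the `--fail` flag makes the script stop before touching the live rules file in that case.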