IDSTower provides smart rule editing, parsing and transformation features, all with integrated, built-in Suricata documentation, helping your analysts tune rules correctly.
Edit rule code without touching text files.
Set rule priority, target and other options without editing the rule source code. All the changes you set through the UI will be intelligently inserted into the final rule, and they will override the option if it was already set in the rule source code.
Hover your cursor over the question mark (?) beside each option to view its documentation.
Insert custom tags to add more context to the IDS rules, which will help your analysts triage alerts faster and better.
When you customize a rule through rule options, IDSTower will copy those customizations to the new rule revisions once you import them. This helps you capitalize on the continuous tuning efforts made by your analysts and admins on the external (commercial and free) rulesets.
Rules Transformation allows you to alter the final rule sent to Suricata without having to edit the rule source code manually. You can use this to add more context to the alerts (e.g. via tags), override keyword values like priority, add references for your analysts and much more!
You can control which rule transformations are enabled via the settings page; choose the transformations you need.
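The override-or-insert behaviour described above can be sketched as follows. This is an added example, not IDSTower's code: the function names and the sample rule are constructed, and storing tags as `metadata` entries under the key `tag` is an assumption.

```python
import re

SAFE = re.compile(r"[\w.\-]+")  # values may not carry ';', ',', quotes or spaces

# Constructed sample rule (not from any real ruleset).
SAMPLE = (r'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Constructed sample\; '
          r'not a real rule"; content:"a\;b"; priority:3; '
          r'metadata:created_at 2024_01_01; sid:1000001; rev:1;)')

def split_options(body):
    """Split an option body on ';' while keeping escaped '\\;' inside values."""
    opts, cur, i = [], "", 0
    while i < len(body):
        if body[i] == "\\" and i + 1 < len(body):
            cur, i = cur + body[i:i + 2], i + 2   # copy the escape pair verbatim
            continue
        if body[i] == ";":
            opts, cur = opts + [cur.strip()], ""
        else:
            cur += body[i]
        i += 1
    return [o for o in opts + [cur.strip()] if o]

def key_of(option):
    return option.split(":", 1)[0].strip()

def transform_rule(rule, overrides=None, tags=()):
    """Override non-positional keywords (priority, target, ...) and add tags."""
    header, paren, rest = rule.strip().partition("(")
    if not paren or not rest.endswith(")"):
        raise ValueError("rule has no option list")
    opts = split_options(rest[:-1])
    for value in list((overrides or {}).values()) + list(tags):
        if not SAFE.fullmatch(str(value)):        # block option injection via UI input
            raise ValueError(f"unsafe value: {value!r}")
    for key, value in (overrides or {}).items():
        opts = [o for o in opts if key_of(o) != key]   # UI value wins over source
        opts.append(f"{key}:{value}")
    if tags:
        entries = ", ".join(f"tag {t}" for t in tags)  # assumed tag representation
        for n, o in enumerate(opts):
            if key_of(o) == "metadata":
                opts[n] = f"{o}, {entries}"            # extend existing metadata
                break
        else:
            opts.append(f"metadata:{entries}")
    return header + "(" + " ".join(o + ";" for o in opts) + ")"
```

Rejecting values that contain `;` or `,` keeps a tag or option value entered in a UI from smuggling extra keywords into the rule that reaches Suricata.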