Suricata can alert on tens of thousands of Indicators of Compromise, including IPs, domains, hashes & more! IDSTower enables you to do this with no effort!
Control enabled indicators via the Indicators Management Interface: set scores, enable, disable & investigate.
Control the indicators you want Suricata to alert you on via the Indicators Alerting Settings page.
IDSTower will configure Suricata to alert on the Enabled Indicators & will update Suricata with the new Indicators automatically without you having to configure anything.
IDSTower comes integrated with 14 (more coming!) open source & commercial feeds that cover both IDS rules and Indicators of Compromise; just click on Enable and IDSTower will do the rest!
Emerging Threats, abuse.ch Feodo Tracker, abuse.ch SSLBL Botnet C2, abuse.ch ThreatFox, Secureworks and more can now be enabled with a single click.
You can also add custom TAXII/STIX (2.0 & 2.1), MISP and generic (text, csv, json) feeds to IDSTower to import IOCs and push them to Suricata.
IDSTower will download, parse, ingest, score & auto-expire indicators, all automatically, while still giving you control over all of these steps when needed.
IDSTower will download, parse, ingest, enable new rule revisions, expire old rule revisions and merge all of the tuning you did on the old revisions into the new ones, all automatically.
You can configure the feed settings via the Feeds Management page and control things like update frequency, assigned indicator scores, expiration date, import behavior and more!