rulecat

Usage

usage: idstools-rulecat [-h] [-v] [-t <directory>] [--suricata <path>] [-f]
                        [--rules-dir <directory>] [--merged <filename>]
                        [--yaml-fragment <filename>] [--url <url>]
                        [--local <filename>] [--sid-msg-map <filename>]
                        [--sid-msg-map-2 <filename>] [--disable <filename>]
                        [--enable <filename>] [--modify <filename>]
                        [--threshold-in <filename>]
                        [--threshold-out <filename>] [--dump-sample-configs]
                        [--etpro <etpro-code>] [-q] [--post-hook <command>]

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         Be more verbose
  -t <directory>, --temp <directory>
                        Temporary work directory
  --suricata <path>     Path to Suricata program (default: None)
  -f, --force           Force operations that might otherwise be skipped
  --rules-dir <directory>
                        Output rules directory.
  --merged <filename>   Output merged rules file
  --yaml-fragment <filename>
                        Output YAML fragment for rule inclusion
  --url <url>           URL to use instead of auto-generating one
  --local <filename>    Local rule files or directories
  --sid-msg-map <filename>
                        Generate a sid-msg.map file
  --sid-msg-map-2 <filename>
                        Generate a v2 sid-msg.map file
  --disable <filename>  Filename of disable rule configuration
  --enable <filename>   Filename of enable rule configuration
  --modify <filename>   Filename of rule modification configuration
  --threshold-in <filename>
                        Filename of rule thresholding configuration
  --threshold-out <filename>
                        Output of processed threshold configuration
  --dump-sample-configs
                        Dump sample config files to current directory
  --etpro <etpro-code>  Use ET-Pro rules with provided ET-Pro code
  -q, --quiet           Be quiet, warning and error messages only
  --post-hook <command>
                        Command to run after update if modified