Snort to Cisco Rule Conversion Utility (s2c) - V0.3.1

Files:
  Name                 Modified      Size
  readme_v0.3.1.txt    2010-09-13    1.7 kB
  s2c_v0.3.1.exe       2010-09-13    80.7 kB

0.3.1 Release Notes:
        
- Improved quiet flag (-q) handling (less output generated when selected)
- Handles more PCRE regex: \d \D \h \H \s \S \v \V \w \W
- Handles more PCRE options: i, s, A, m, R, U; (E, O, P ignored)
- More code cleanup



Usage: s2c [-kfqxv?] [-i initial_sigid ] SOURCE DEST
Convert Snort rules file SOURCE to Cisco rule file DEST.
Options:
        -f      Force conversion. Translate as much of rule as possible,
                skipping any unrecognized keywords.
        -x      Exclude original snort signature in comments field
                of DEST (default is to include)
        -i      Set initial Cisco SignatureID to initial_sigid
                (default is 60000)
        -k      Keep Snort signature numbering (may break META signatures)
        -q      Quiet (suppress) output error messages, status, etc.*
        -v      Print version and compatibility info and exit
        -?      Print this usage info and exit

s2c Version 0.3.1
Snort Rule Options Presently Not Implemented:
  activate    dynamic    gid           metadata      http_encode
  isdataat    file_data  byte_test     byte_jump     asn1
  ftpbounce   cvs        dce_iface     dce_opnum     dce_stub_data
  fragoffset  flowbits   seq           ack           stream_size
  resp        react      activates     activated_by  count
  replace     threshold

Snort Rule Options Partially Implemented:
  pcre*       fragbits   flags         flow

Snort Rule Options Presently Ignored:
  ip          metadata   fast_pattern  sd_pattern    http_client_body
  gid

* Indicates change made from previous release


Source: readme_v0.3.1.txt, updated 2010-09-13