jstrosch · December 2, 2024 13:13
diff --git a/gistfile1.txt b/gistfile1.txt
 set log="C:\Users\TheCyberYeti\AppData\Local\Temp\suri"

 @echo OFF

 echo y | del "%log%\*"

 @echo ON

 suricata -k none -r %1 --runmode=autofp -l "%log%" -s "C:\Program Files\Suricata\custom.rules"

 @echo OFF

 grep "event_type\":\"alert" "%log%\eve.json" | jq "\"\(.alert.signature) (SID \(.alert.signature_id)): \(.alert.category) from \(.src_ip):\(.src_port) - \(.dest_ip):\(.dest_port)\""
	set log="C:\Users\TheCyberYeti\AppData\Local\Temp\suri"

	@echo OFF

	echo y \| del "%log%\*"

	@echo ON

	suricata -k none -r %1 --runmode=autofp -l "%log%" -s "C:\Program Files\Suricata\custom.rules"

	@echo OFF

	grep "event_type\":\"alert" "%log%\eve.json" \| jq "\"\(.alert.signature) (SID \(.alert.signature_id)): \(.alert.category) from \(.src_ip):\(.src_port) - \(.dest_ip):\(.dest_port)\""