IDSTower

IDSTower can use the VulnCheck Initial Access Intelligence API as a source of Suricata rules.

Setup Instructions

The following instructions were developed against IDSTower 2.7.2.

  1. Log into the VulnCheck Dashboard and click on User Icon > Tokens.
  2. Click Create Token to generate a VulnCheck new token to use with IDSTower.
  3. Log into the IDSTower Dashboard and click on Settings in the left-hand side menu.
  4. On the Settings > feeds page, click the Add New Feed button on the right.
  5. Set the Feed URL to https://api.vulncheck.com/v3/rules/initial-access/suricata?token=vulncheck_TOKEN where vulncheck_TOKEN is the token you created in Step 2.
  6. Click the Verify Connection button. This should transition you to the following screen with a message indicating that the connection was succesful. Click Add Feed.
  7. There should now be a VulnCheck drop down in the Settings > Feeds tab, likely as the last entry. Click the Update button.
  8. The VulnCheck Suricata rules should now be available in the Rules Management view.

Microsoft Power BI

Tines