OSSEC Rule Converter
Having just written my first OSSEC rules (OSSEC Kismet Alert Rules), I decided it was too hard to see what was going on when editing them in an XML file, so I wrote this little app, which takes a CSV file and converts it into a rules file.
To use the app you need to create a CSV laid out in the following way:
- Line 1: Column headings, this line is expected but ignored
- Line 2: The name attribute of the opening group tag
- Lines 3 onwards: These follow the column headings. Make sure you define a unique rule ID for each rule in column 1.
My rules are only interested in matching the action field so if column F contains a value then it will go into an
Usage is fairly simple: just pass in the input CSV filename and, optionally, the output XML filename. If the XML filename isn't given then the output will be sent to stdout. I've included the CSV file used to create my Kismet rules and the XML file they output.
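A sketch of the conversion described above, as an added example that is not the app from this post. The column order (A rule ID, B level, C if_sid, D decoded_as, E description, F action) and the sample rows are assumptions, since the post does not list its headings. It goes slightly beyond the post by rejecting duplicate rule IDs and XML-escaping cell values so a stray `&` or `<` in a spreadsheet cannot break the rules file.

```python
import csv
import io
from xml.sax.saxutils import escape, quoteattr

# Assumed layout (the post does not list its headings):
# A=rule id, B=level, C=if_sid, D=decoded_as, E=description, F=action
CHILD_TAGS = ("if_sid", "decoded_as", "description", "action")

# Constructed sample input, not the author's Kismet CSV.
SAMPLE_CSV = """id,level,if_sid,decoded_as,description,action
"kismet,"
100200,0,,kismet,Kismet messages grouped,
100201,7,100200,,Rogue AP & spoofed SSID,ALERT
"""

def csv_to_rules(csv_text):
    """Return an OSSEC rules document built from CSV text."""
    rows = list(csv.reader(io.StringIO(csv_text)))
    if len(rows) < 3 or not rows[1]:
        raise ValueError("need a heading line, a group name line and a rule")
    # Line 1 (headings) is ignored; line 2 names the group.
    out = ["<group name=%s>" % quoteattr(rows[1][0].strip())]
    seen = set()
    for lineno, row in enumerate(rows[2:], start=3):
        cells = [c.strip() for c in row]
        if not any(cells):
            continue  # blank line
        cells += [""] * (6 - len(cells))  # pad short rows
        rule_id, level = cells[0], cells[1]
        if not rule_id.isdigit():
            raise ValueError("line %d: rule ID must be numeric" % lineno)
        if rule_id in seen:
            raise ValueError("line %d: duplicate rule ID %s" % (lineno, rule_id))
        seen.add(rule_id)
        out.append("  <rule id=%s level=%s>" % (quoteattr(rule_id), quoteattr(level)))
        for tag, value in zip(CHILD_TAGS, cells[2:6]):
            if value:  # empty cells produce no element
                out.append("    <%s>%s</%s>" % (tag, escape(value), tag))
        out.append("  </rule>")
    out.append("</group>")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(csv_to_rules(SAMPLE_CSV), end="")
```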