gnat_rule
Synopsis
Generates triggers (alerts) from a list of patterns and tags that are used to match and annotate the flow records.
Description
Generate triggers (alerts) when a pattern in the rule file matches.
Rules are specified in a JSON file which contains a list of patterns.
This tool implements the gnat command line interface and shares the same required and optional arguments as other GNAT tools.
Required Arguments
--rule <JSON file>
The --rule argument specifies the path to a JSON file containing a list of patterns.
If running within a Docker container, the directory containing this file must be accessible from the Docker container running the GNAT tool.
Examples
$ gnat_rule --input /var/spool/input --output /var/spool/output --options rule=/etc/rule_patterns.json