Add Readme and .gitignore

.gitignore

@@ -0,0 +1,61 @@
+### Python template
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*,cover
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Created by .ignore support plugin (hsz.mobi)

README.MD

@@ -0,0 +1,25 @@
+
+# OTX Suricata Rule Generator
+The OTX Suricata Rule Generator can be used to create the rules and configuration for Suricata to alert on indicators from your OTX account (otx.alienvault.com).  This is done with the suricata IP Reputation and file extraction features.  For every pulse your are subscribed to this will add the all the IPv4 indicators in every pulse to a generated IP reputation file.  It will also create a suricata MD5 file for each pulse that has MD5 indicators, there will be a corresponding rule generated that corresponds with each of these files.
+
+## BETA NOTICE
+This is under active development.  It has been tested in our lab in scenarios to replicate realworld installs.  However, Suricata is a complicated product with many configuration options.  If you have anything other than a default configuration, please adapt the output of this tool as appropriate.
+As always feedback and improvements are welcome!
+
+## Usage
+1. Install OTX API (https://github.com/AlienVault-Labs/OTX-Python-SDK)
+2. Run `python suricata.py` to see usage
+
+>usage: suricata.py [-h] [--skip-iprep] [--skip-filemd5] [--key KEY]
+>                   [--destination-directory DESTINATION_DIRECTORY]
+>
+>optional arguments:
+>  -h, --help            show this help message and exit
+>  --skip-iprep          Do not generate IP Reputation files and rules
+>  --skip-filemd5        Do not generate file MD5 and rules
+>  --key KEY             Your OTX API key (https://otx.alienvault.com/api)
+>  --destination-directory DESTINATION_DIRECTORY, -dd DESTINATION_DIRECTORY
+>                        The destination directory for the generated file
+                        
+3. Run `python suricata.py --key <OTX KEY>` to generate default IP Reputation and MD5 Rules
+4. Follow instructions in output to integrate into your existing Suricata installation

otx-suricata/suricata.py

@@ -115,7 +115,7 @@ def getArgs():
     parser.add_argument("--skip-iprep", action='store_true', default=False,
                         help="Do not generate IP Reputation files and rules")
     parser.add_argument("--skip-filemd5", action='store_true', default=False, help="Do not generate file MD5 and rules")
-    parser.add_argument("--key", help="Your OTX API key (https://otx.alienvault.com/api)")
+    parser.add_argument("--key", required=True,help="Your OTX API key (https://otx.alienvault.com/api)")
     parser.add_argument("--destination-directory", "-dd", required=False, type=argparse.FileType('w'),
                         help="The destination directory for the generated file")
     return parser.parse_args()