Can I use IPS to trigger a custom action?
-
Hello experts,
I would like to know if I can use netmap/snort/suricata to trigger a custom action upon detecting a specific packet.
I have a home automation device, a doorbell. When pressed, a message is sent to the cloud server and is going through my pfsense fw. I'm looking for ways to call an API whenever this happens. No need to actually fetch values from the message, pattern recognition on the data portion of the packet is enough for this task. TIA
-
@mduchaine said in Can I use IPS to trigger a custom action?:
Hello experts,
I would like to know if I can use netmap/snort/suricata to trigger a custom action upon detecting a specific packet.
I have a home automation device, a doorbell. When pressed, a message is sent to the cloud server and is going through my pfsense fw. I'm looking for ways to call an API whenever this happens. No need to actually fetch values from the message, pattern recognition on the data portion of the packet is enough for this task. TIA
No, such a feature is not available within either the Snort or Suricata binaries nor the corresponding GUI packages. You could create your own log scanning script to perhaps trigger something when it detects a custom rule alerting, but it would be something you would have to write and maintain on your own.
You can certainly write your own custom rules to alert on whatever packet header and/or payload you want to, but there is no "action" that can be triggered outside of simply printing the alert to the log files.
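A sketch of the log-scanning approach described in the reply above, as an added example that is not from the thread or from the Snort/Suricata packages. It assumes Suricata's EVE JSON output is enabled, that the custom doorbell rule was given SID 1000001, and that `API_URL` is a placeholder for your own endpoint; the sample log lines are constructed.

```python
import json
import urllib.request
from datetime import datetime, timedelta

DOORBELL_SID = 1000001  # assumption: SID given to the custom doorbell rule
API_URL = "http://192.0.2.10:8080/doorbell"  # placeholder endpoint
DEBOUNCE = timedelta(seconds=10)  # one press usually matches several packets

def doorbell_events(lines, sid=DOORBELL_SID, debounce=DEBOUNCE):
    """Yield one EVE alert record per button press, skipping everything else."""
    last = None
    for line in lines:
        try:
            ev = json.loads(line)
            if ev["event_type"] != "alert" or ev["alert"]["signature_id"] != sid:
                continue
            ts = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        except (ValueError, KeyError, TypeError):
            continue  # half-written line, unexpected layout or bad timestamp
        if last is not None and ts - last < debounce:
            continue  # same press, already reported
        last = ts
        yield ev

def call_api(ev, url=API_URL):
    """POST a small JSON body to the automation endpoint, return HTTP status."""
    body = json.dumps({"event": "doorbell", "time": ev["timestamp"]}).encode()
    req = urllib.request.Request(url, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status

# Constructed sample of eve.json lines (not captured from a real device).
SAMPLE = [
    '{"timestamp":"2024-05-01T18:30:00.100000+0000","event_type":"alert","src_ip":"192.168.1.50","alert":{"signature_id":1000001,"signature":"Doorbell pressed"}}',
    '{"timestamp":"2024-05-01T18:30:00.900000+0000","event_type":"alert","src_ip":"192.168.1.50","alert":{"signature_id":1000001,"signature":"Doorbell pressed"}}',
    '{"timestamp":"2024-05-01T18:30:05.000000+0000","event_type":"flow","src_ip":"192.168.1.50"}',
    '{"timestamp":"2024-05-01T18:31:00.000000+0000","event_type":"alert","src_ip":"192.168.1.7","alert":{"signature_id":2210000,"signature":"other rule"}}',
    '{"timestamp":"2024-05-01T18:31',
    '{"timestamp":"2024-05-01T18:32:15.000000+0000","event_type":"alert","src_ip":"192.168.1.50","alert":{"signature_id":1000001,"signature":"Doorbell pressed"}}',
]

if __name__ == "__main__":
    # Live use: feed lines from a followed eve.json and call call_api(ev) here.
    for ev in doorbell_events(SAMPLE):
        print("doorbell press at", ev["timestamp"])
```

The debounce window matters because a single button press can match the rule on more than one packet, which would otherwise call the API several times.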
-
Have a look at homebridge, check if your home automation device is supported.
https://github.com/homebridge/homebridge
-
@NogBadTheBad This is great info NogBadTheBad ... Had been thinking of how I could turn off the alarm using Apple's nearfield when I am close to my apartment door. Since the apartment is not my own, I cannot run wires like regular homeowners or have what comes built in with a new home alarm system. This has great potential if I can get Siri to recognize when my phone gets an IP because I am close then turn off the alarm ... I don't need to say anything to Siri. Thank you for sharing!
-
Do yourself a favour and install Homebridge Config UI X first.
Using the cmd4 plugin and the following config & script, I get an alert when a device doesn't ping:-
```json
{
  "type": "MotionSensor",
  "displayName": "nas",
  "motionDetected": "FALSE",
  "name": "nas",
  "stateChangeResponseTime": 3,
  "polling": [
    { "on": false, "interval": 300, "timeout": 4000 }
  ],
  "state_cmd": "/var/homebridge/cmd4/pinger-nas.sh"
}
```

```
pi@homebridge:~ $ more /var/homebridge/cmd4/pinger-nas.sh
#!/bin/bash
IP='172.16.2.10'
if ping4 -c 1 -w 1 $IP > /dev/null; then
  echo 0
else
  echo 1
fi
exit 0
pi@homebridge:~ $
```
Swap the echo from 0 to 1 and 1 to 0 for the reverse logic.
-
@NogBadTheBad said in Can I use IPS to trigger a custom action?:
Do yourself a favour and install Homebridge Config UI X first.
Using the cmd4 plugin and the following config & script, I get an alert when a device doesn't ping:-
```json
{
  "type": "MotionSensor",
  "displayName": "nas",
  "motionDetected": "FALSE",
  "name": "nas",
  "stateChangeResponseTime": 3,
  "polling": [
    { "on": false, "interval": 300, "timeout": 4000 }
  ],
  "state_cmd": "/var/homebridge/cmd4/pinger-nas.sh"
}
```

```
pi@homebridge:~ $ more /var/homebridge/cmd4/pinger-nas.sh
#!/bin/bash
IP='172.16.2.10'
if ping4 -c 1 -w 1 $IP > /dev/null; then
  echo 0
else
  echo 1
fi
exit 0
pi@homebridge:~ $
```
Swap the echo from 0 to 1 and 1 to 0 for the reverse logic.
Are these instructions an example for the OP?
-
@NollipfSense said in Can I use IPS to trigger a custom action?:
Are these instructions an example for the OP?
You'd need to follow the full instructions to install homebridge and Homebridge Config UI X, then you'd get a web interface. The above code I posted is to create a motion sensor that detects motion when my nas doesn't ping.
-
@NogBadTheBad said in Can I use IPS to trigger a custom action?:
@NollipfSense said in Can I use IPS to trigger a custom action?:
Are these instructions an example for the OP?
You'd need to follow the full instructions to install homebridge and Homebridge Config UI X, then you'd get a web interface. The above code I posted is to create a motion sensor that detects motion when my nas doesn't ping.
Awesomely, thank you!