<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">Hi David,<div><br></div><div>This GitHub repo should provide you with an overview and hopefully answer most of your questions: <a href="https://github.com/King-Konsto/nids-rule-library/blob/master/README.md">https://github.com/King-Konsto/nids-rule-library/blob/master/README.md</a></div><div><br></div><div>Please feel free to open an issue or create a PR if you find a ruleset that is missing from the list. </div><div><br></div><div>Further, I haven’t played much with Suricata’s new dataset feature, which was introduced with Suricata 5.0. I guess there are plenty of feeds one could use with this new feature.</div><div><br></div><div>Please don’t hesitate to ask further questions, because I’ve played around with most of the rulesets on the list.</div><div><br></div><div>Cheers,</div><div><br></div><div>Konstantin</div><div><div dir="ltr"><br><blockquote type="cite">On 27.01.2020 at 18:34, David Decker &lt;x.faith@gmail.com&gt; wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div dir="ltr">What are the general rules most folks use for Suricata? <div><br></div><div>I know ET rules are popular, but do folks use the Snort Subscriber/Community etc.? </div><div><br></div><div>Also any other ones (besides customs) that might be good to look at?</div><div><br></div><div>Thanks</div><div>X</div></div>
</div></blockquote></div></body></html>