[Oisf-users] Options for rule set sources

Sascha Steinbiss satta at debian.org
Tue Feb 20 11:45:27 UTC 2018


Hi all,

I was wondering what options there are currently out there for obtaining
regularly updated feeds of Suricata rules? I would be interested in both
public as well as commercial, subscription-based sources, however, it is
important that they are well curated to provide up-to-date high quality
signatures, _not_ limited to the most common commodity malware.

I understand most Suricata users are running Proofpoint's ET Open or ET
Pro rulesets. These are excellent for most purposes and also well
structured to be tailored to various use cases. From the new
suricata-update tool's source list [1] I can see that there is also PT's
Attack Detection ruleset [2]. Now both of these are specific Suricata
rule sets, but maybe there are also other useful feeds in more generic
formats that are easy (or even intended?) to be converted to IDS or
firewall rules.
I am wondering what else is out there that we are probably missing out
on. My feeling is that it could be beneficial to the community to gather
such information and collect some of these less popular options, maybe
in some kind of public resource (GitHub markdown list etc.).

TL;DR: What external sources for Suricata rules do you use? A quick
pointer to the vendor or project web site would be much appreciated. Thanks!

Kind regards,
Sascha

[1] https://github.com/OISF/suricata-update/blob/master/tests/index.yaml
[2] https://github.com/ptresearch/AttackDetection
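The post raises the idea of taking feeds that come in "more generic formats" (plain indicator lists) and turning them into IDS rules. The script below is an added example of that conversion and is not part of the original post, of suricata-update or of any of the vendors mentioned. The feed content is constructed for the example, `LOCAL_SID_START` follows the common convention of keeping locally generated rules in the 1000000-1999999 sid range (an assumption about local policy, not something the thread states), and the rule syntax is standard Suricata (`alert ip ...` for address indicators, `dns_query` for domain names).

```python
import ipaddress
import re

# Constructed sample feed for this example: one indicator per line, '#' comments.
# Mixes IPv4 hosts, a CIDR block, a hostname, an IPv6 address and one junk line.
SAMPLE_FEED = """\
# example indicator list (constructed data, not a real feed)
203.0.113.7
198.51.100.0/24
bad-domain.example
not a valid indicator
2001:db8::1
"""

# Assumption: locally generated rules live in the 1000000-1999999 sid range so
# they never collide with sids shipped by ET or other vendor rule sets.
LOCAL_SID_START = 1000000
LOCAL_SID_END = 1999999

# RFC 1123-style hostname: dotted labels of letters/digits/hyphens, alphabetic TLD.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)


def parse_indicators(text):
    """Yield ("ip", network) or ("domain", name) for each usable line.

    Comments and blank lines are dropped; anything that is neither a valid
    IP/CIDR nor a syntactically valid hostname is skipped rather than turned
    into a rule, so one malformed feed line cannot produce a bad signature.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=False lets "203.0.113.7" become a /32 instead of raising.
            yield ("ip", str(ipaddress.ip_network(line, strict=False)))
            continue
        except ValueError:
            pass
        if _HOSTNAME_RE.match(line):
            yield ("domain", line.lower())


def build_rules(text, feed_name, sid_start=LOCAL_SID_START):
    """Return a list of Suricata rule strings, one per indicator, with sequential sids."""
    rules = []
    sid = sid_start
    for kind, value in parse_indicators(text):
        if sid > LOCAL_SID_END:
            raise ValueError("ran out of sids in the local range; raise the cap or split the feed")
        if kind == "ip":
            # "alert ip" matches any protocol to the listed host/network.
            rule = (
                f'alert ip $HOME_NET any -> {value} any '
                f'(msg:"{feed_name} blocklisted address {value}"; '
                f'classtype:bad-unknown; sid:{sid}; rev:1;)'
            )
        else:
            # Hostname validation above guarantees the content has no '"', ';' or '|',
            # so it needs no escaping inside the content keyword.
            rule = (
                f'alert dns $HOME_NET any -> any any '
                f'(msg:"{feed_name} DNS query for blocklisted domain {value}"; '
                f'dns_query; content:"{value}"; nocase; '
                f'classtype:bad-unknown; sid:{sid}; rev:1;)'
            )
        rules.append(rule)
        sid += 1
    return rules


if __name__ == "__main__":
    for r in build_rules(SAMPLE_FEED, "EXAMPLEFEED"):
        print(r)
```

The junk line in the sample feed is dropped rather than wrapped in a rule, which is the behaviour you want when a feed is fetched unattended; in a real pipeline the skipped lines should be logged so a feed that silently changes format is noticed. Keeping sids sequential from a fixed start also means every re-run of the feed produces the same sid for the same position, so `rev` must be bumped manually if an existing indicator's rule text changes.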
