[Oisf-users] Options for rule set sources

David Wharton dwharton at secureworks.com
Wed Feb 21 13:36:47 UTC 2018


Classification: //SecureWorks/Public Use:
Hi Sascha,

Although it isn't well advertised, Secureworks (https://www.secureworks.com/) does offer stand-alone Suricata commercial rulesets (as well as rulesets for other IDS/IPS engines/vendors).  These are custom written and curated, and produced from a variety of sources including vulnerability disclosures (e.g. CVEs), malware research/reverse engineering, incident response, threat hunting, public and private data sources, and sundry other research and activity.  The rulesets are what you'd expect from a commercial offering:


* High fidelity

* Intended for IDS as well as inline/IPS devices (thousands of "drop" rules)

* Extensively tested
  - Each individual rule undergoes testing on multiple platforms as well as effectiveness testing to verify the rule alerts on the applicable network traffic
  - Holistic ruleset testing for each release, including the use of dedicated equipment for performance measurements (e.g. latency, throughput, etc.)
  - Deployed against voluminous, live, real-world traffic on myriad networks and industry verticals

* Daily ruleset releases
  - Multiple releases per day depending on the threat landscape

* Available for programmatic download
  - Works with popular ruleset management tools (rulecat, PulledPork, suricata-update, etc.)
  - Ruleset hash programmatically available to easily identify when the ruleset has been updated

* Compatible with Suricata versions 2.x, 3.x, and 4.x

Feel free to contact me off-list for more information.

Thank you.

-David Wharton
Secureworks