[Oisf-users] Suricata-Update sslbl ruleset

Konstantin Klinger konstantin.klinger at dcso.de
Fri Nov 30 15:40:09 UTC 2018


Hello,

regarding the latest discussion of error messages from Suricata-Update
1.0.0 I would like to ask if anyone knows when abuse[.]ch will fix their
SSL-Blacklist ruleset? I am still getting a 503 when I try to fetch
"https://sslbl[.]abuse[.]ch/blacklist/sslblacklist.rules.".

At the Sigdev training @SuriCon someone told me that they are working on
a new ruleset and they also want to use new TLS keywords from Suricata.
Does anyone know more about that topic?

Thanks & Cheers,

Konstantin

-- 
Konstantin Klinger
Security Content Engineer
Threat Detection & Hunting (TDH)

konstantin.klinger at dcso.de

dcso.de
blog.dcso.de

PGP: 180D C5B3 3C68 5C9A FB58 6F33 400E 5A35 3307 8D46

DCSO Deutsche Cyber-Sicherheitsorganisation GmbH • EUREF-Campus 22 •
10829 Berlin, Germany
Geschäftsführer: Dr.-Ing. Gunnar Siebert, Sitz der Gesellschaft: Berlin,
Amtsgericht Charlottenburg HRB 172382


-------- Forwarded Message --------
Subject: Re: [Oisf-users] Suricata-update 1.0.0 messages
Date: Mon, 26 Nov 2018 21:43:02 +0530
From: Shivani Bhardwaj <shivanib134 at gmail.com>
To: r.fulton at auckland.ac.nz
CC: oisf-users at lists.openinfosecfoundation.org

Hello!

On Mon, Nov 12, 2018 at 7:19 AM Russell Fulton <r.fulton at auckland.ac.nz>
wrote:
>
>
> I get the following warnings from suricata-update:
>
> 12/11/2018 -- 14:41:46 - <Info> -- Checking https://sslbl.abuse.ch/blacklist/sslblacklist.rules.md5.
> 12/11/2018 -- 14:41:48 - <Warning> -- Failed to check remote checksum: HTTP Error 503: Connection timed out
> 12/11/2018 -- 14:41:48 - <Info> -- Fetching https://sslbl.abuse.ch/blacklist/sslblacklist.rules.
> 12/11/2018 -- 14:41:50 - <Warning> -- Failed to fetch https://sslbl.abuse.ch/blacklist/sslblacklist.rules, will use latest cached version: HTTP Error 503: Connection timed out
> …….
> 12/11/2018 -- 14:41:50 - <Info> -- Loading local file /var/lib/suricata/rules/local.rules
> 12/11/2018 -- 14:41:50 - <Warning> -- No distribution rule directory found.
