[Oisf-users] Suricata-Update sslbl ruleset

Edgmand, Craig craig.edgmand at okstate.edu
Fri Nov 30 15:48:47 UTC 2018 

Hello,

    As so many of the abuse.ch rules are included in the Emerging Threats open ruleset is there a reason to add these separate rulesets from abuse.ch directly?

Just wondering.

Craig





-----Original Message-----
From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> On Behalf Of Konstantin Klinger
Sent: Friday, November 30, 2018 9:40 AM
To: oisf-users at lists.openinfosecfoundation.org
Subject: [Oisf-users] Suricata-Update sslbl ruleset

Hello,

regarding the latest discussion of error messages from Suricata-Update
1.0.0 I would like to ask if anyone knows when abuse[.]ch will fix their SSL-Blacklist ruleset? I am still getting a 503 when I try to fetch "https://sslbl[.]abuse[.]ch/blacklist/sslblacklist.rules.".

At the Sigdev training @SuriCon someone told me that the are working on a new ruleset and they want to use also new TLS keywords from Suricata.
Does anyone know more about that topic?

Thanks & Cheers,

Konstantin

--
Konstantin Klinger
Security Content Engineer
Threat Detection & Hunting (TDH)

konstantin.klinger at dcso.de

dcso.de
blog.dcso.de

PGP: 180D C5B3 3C68 5C9A FB58 6F33 400E 5A35 3307 8D46

DCSO Deutsche Cyber-Sicherheitsorganisation GmbH • EUREF-Campus 22 •
10829 Berlin, Germany
Geschäftsführer: Dr.-Ing. Gunnar Siebert, Sitz der Gesellschaft: Berlin, Amtsgericht Charlottenburg HRB 172382


-------- Forwarded Message --------
Subject: Re: [Oisf-users] Suricata-update 1.0.0 messages
Date: Mon, 26 Nov 2018 21:43:02 +0530
From: Shivani Bhardwaj <shivanib134 at gmail.com>
To: r.fulton at auckland.ac.nz
CC: oisf-users at lists.openinfosecfoundation.org

Hello!

On Mon, Nov 12, 2018 at 7:19 AM Russell Fulton <r.fulton at auckland.ac.nz>
wrote:
>
>
> I get the following warnings from suricata-update:
>
> 12/11/2018 -- 14:41:46 - <Info> -- Checking https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsslbl.abuse.ch%2Fblacklist%2Fsslblacklist.rules.md5&data=02%7C01%7Ccraig.edgmand%40okstate.edu%7C20838cb977bc4400177208d656da327a%7C2a69c91de8494e34a230cdf8b27e1964%7C0%7C0%7C636791892491759340&sdata=7T2%2B6Yf84ECz6CwfXwoG53NQgumsJYS%2BufB0gvlhTM0%3D&reserved=0.
> 12/11/2018 -- 14:41:48 - <Warning> -- Failed to check remote checksum: 
> HTTP Error 503: Connection timed out
> 12/11/2018 -- 14:41:48 - <Info> -- Fetching https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsslbl.abuse.ch%2Fblacklist%2Fsslblacklist.rules&data=02%7C01%7Ccraig.edgmand%40okstate.edu%7C20838cb977bc4400177208d656da327a%7C2a69c91de8494e34a230cdf8b27e1964%7C0%7C0%7C636791892491759340&sdata=ouZFLX1C7NXcMVMoRBWsGtM5j8lhdNWJ%2BKCZ61cOz2w%3D&reserved=0.
> 12/11/2018 -- 14:41:50 - <Warning> -- Failed to fetch 
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsslbl.abuse.ch%2Fblacklist%2Fsslblacklist.rules&data=02%7C01%7Ccraig.edgmand%40okstate.edu%7C20838cb977bc4400177208d656da327a%7C2a69c91de8494e34a230cdf8b27e1964%7C0%7C0%7C636791892491759340&sdata=ouZFLX1C7NXcMVMoRBWsGtM5j8lhdNWJ%2BKCZ61cOz2w%3D&reserved=0, will use latest cached version: HTTP Error 503: Connection timed out …….
> 12/11/2018 -- 14:41:50 - <Info> -- Loading local file 
> /var/lib/suricata/rules/local.rules
> 12/11/2018 -- 14:41:50 - <Warning> -- No distribution rule directory found.

More information about the Oisf-users mailing list