[Oisf-users] Suricata-Update sslbl ruleset

Michael Stone mstone at mathom.us
Fri Nov 30 19:01:44 UTC 2018

On Fri, Nov 30, 2018 at 03:48:47PM +0000, you wrote:
>    As so many of the abuse.ch rules are included in the Emerging Threats open ruleset is there a reason to add these separate rulesets from abuse.ch directly?

Better coverage, but the cost of actually checking all those tls 
fingerprint sigs is massive--they're much, much less efficient.

More information about the Oisf-users mailing list