[Oisf-users] Test IDS/IPS and NSM functionality of Suricata

Brad Woodberg bwoodberg at proofpoint.com
Thu Feb 28 12:44:32 UTC 2019


Kaushal,

Wicar.org has some exploits which will trigger ET signatures, along with the Testmyids site that Travis mentioned.  You can use that to trigger events on your IDS to make sure that it is working as expected.

Best Regards,

Brad Woodberg | Group Product Manager - Emerging Threats, TAP Campaigns
Proofpoint, Inc.

E: bwoodberg at proofpoint.com
http://www.proofpoint.com/
threat protection | compliance | archiving & governance | secure communication

From: Kaushal Shriyan <kaushalshriyan at gmail.com>
Date: Friday, February 22, 2019 at 9:57 PM
To: Brad Woodberg <bwoodberg at proofpoint.com>
Cc: "oisf-users at lists.openinfosecfoundation.org" <oisf-users at lists.openinfosecfoundation.org>
Subject: Re: [Oisf-users] Test IDS/IPS and NSM functionality of Suricata



On Sat, Feb 23, 2019 at 12:03 AM Brad Woodberg <bwoodberg at proofpoint.com> wrote:
Hi Kaushal,

If you’re using the Emerging Threats ruleset, wicar.org <http://wicar.org> will provide a bunch of POC hits that will show up in your logs if all is running properly.


Hi Brad,

I have used wget http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz to download it under /etc/suricata/rules/ and then copied emerging-user_agents.rules to /etc/suricata/rules/. I have restarted the suricata service. I did not understand about POC hits using http://www.wicar.org/. Please comment.

Thanks in Advance.

Best Regards,

Kaushal
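To see what "show up in your logs" looks like in practice, here is an added example (not from this thread or from the Suricata project) that reads Suricata's eve.json alert records and counts which signatures fired, so a single test request is easy to recognise. It assumes EVE JSON output is enabled in suricata.yaml; the eve.json lines, sids and signature names below are constructed, not real Emerging Threats rules.

```python
import json
from collections import Counter

# Constructed eve.json excerpt (assumption: not output from a real sensor).
# Field layout follows Suricata's EVE alert schema; sids and signature
# names are placeholders, not real Emerging Threats rules.
SAMPLE_EVE = """\
{"timestamp":"2019-02-28T12:00:00.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","proto":"TCP"}
{"timestamp":"2019-02-28T12:00:01.000000+0000","event_type":"alert","src_ip":"203.0.113.10","dest_ip":"10.0.0.5","alert":{"action":"allowed","gid":1,"signature_id":9000001,"rev":1,"signature":"ET USER_AGENTS constructed test user-agent","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2019-02-28T12:00:02.000000+0000","event_type":"alert","src_ip":"203.0.113.10","dest_ip":"10.0.0.5","alert":{"action":"allowed","gid":1,"signature_id":9000002,"rev":1,"signature":"GPL ATTACK_RESPONSE constructed test response","category":"Potentially Bad Traffic","severity":1}}
this line is a truncated record and must be skipped
{"timestamp":"2019-02-28T12:00:03.000000+0000","event_type":"alert","src_ip":"203.0.113.10","dest_ip":"10.0.0.5","alert":{"action":"allowed","gid":1,"signature_id":9000001,"rev":1,"signature":"ET USER_AGENTS constructed test user-agent","category":"Potentially Bad Traffic","severity":2}}
"""


def parse_eve_alerts(lines):
    """Yield one dict per alert event, skipping non-alert events and unparseable lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # eve.json may hold a partial last line while Suricata is still writing
        if event.get("event_type") != "alert":
            continue
        alert = event.get("alert", {})
        yield {
            "sid": alert.get("signature_id"),
            "signature": alert.get("signature", ""),
            "src_ip": event.get("src_ip"),
            "dest_ip": event.get("dest_ip"),
        }


def count_by_signature(alerts):
    """Count hits per (sid, signature) so one test request shows up as one recognisable line."""
    return Counter((a["sid"], a["signature"]) for a in alerts)


def ruleset_fired(alerts, prefix):
    """True if at least one alert came from a rule family, e.g. prefix "ET " for Emerging Threats."""
    return any(a["signature"].startswith(prefix) for a in alerts)


if __name__ == "__main__":
    alerts = list(parse_eve_alerts(SAMPLE_EVE.splitlines()))
    for (sid, sig), n in count_by_signature(alerts).most_common():
        print(f"{n:4d}  sid:{sid}  {sig}")
    print("ET rules fired:", ruleset_fired(alerts, "ET "))
```

On a live sensor, replace SAMPLE_EVE.splitlines() with the lines of /var/log/suricata/eve.json (the default path) and run it right after visiting the test site.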
