[Oisf-users] Datasets with pcaps and the correspondent rules

Dave Killion dave.killion at gmail.com
Wed Feb 12 21:08:58 UTC 2020

I know that NSS Labs used the Telus Security Labs packet capture test cases
for their IPS/IDS bakeoffs for years and years.  I believe TSL also had
Snort signatures to detect those pcaps.

The TSL research team was acquired by Trend Micro in early 2018, however,
so I'm not sure what happened to that dataset or if Trend offers the same
service now.

When we had them, they were quite expensive - it was like $150k/year for a
subscription.  But if you wanted to look good on the NSS test, you had to

On Wed, Feb 12, 2020 at 12:17 PM Lucas Augusto Mota de Alcantara <
lama2 at cin.ufpe.br> wrote:

> Hello everyone,
> I'd like to know if is there any dataset with malicious packets and the
> rules which would be triggered by these packets.
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/

Dave Killion
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20200212/03c1fd32/attachment.html>

More information about the Oisf-users mailing list