[people/mfischer/ipfire-2.x.git] / config / suricata / ruleset-sources

package IDS::Ruleset;

# This file contains the supported ruleset providers.
#
# Each one is defined as a hash in the main hash.
# It's name acts as handle/key and the key/value pair acts as data part.
# So the structure is like the following:
#
# handle => {
# 	summary => A short summary of the service. This also will be shown if no translation string is available for the WUI.
# 	website => The website of the ruleset provider.
# 	tr_string => The translation string which is used by the WUI and part of the language files.
# 	requires_subscription => "True/False" - If some kind of registration code is required in order to download the ruleset.
# 	dl_url => The download URL to grab the ruleset.
# 	dl_type => "archive/file" - To specify, if the downloaded file is a packed archive or a plain text file.
# },

# Hash which contains the supported ruleset providers.
our %Providers = (
	# Ruleset for registered sourcefire users.
	registered => {
		summary => "Talos VRT rules for registered users",
		website => "https://www.snort.org",
		tr_string => "registered user rules",
		requires_subscription => "True",
		dl_url => "https://www.snort.org/rules/snortrules-snapshot-29161.tar.gz?oinkcode=<oinkcode>",
		dl_type => "archive",
	},

	# Ruleset for registered sourcefire users with a valid subsription.
	subscripted => {
		summary => "Talos VRT rules with subscription",
		website => "https://www.snort.org",
		tr_string => "subscripted user rules",
		requires_subscription => "True",
		dl_url => "https://www.snort.org/rules/snortrules-snapshot-29161.tar.gz?oinkcode=<oinkcode>",
		dl_type => "archive",
	},

	# Community rules from sourcefire.
	community => {
		summary => "Snort/VRT GPLv2 Community Rules",
		website => "https://www.snort.ort",
		tr_string => "community rules",
		requires_subscription => "False",
		dl_url => "https://www.snort.org/rules/community",
		dl_type => "archive",
	},

	# Emerging threads community rules.
	emerging => {
		summary => "Emergingthreats.net Community Rules",
		website => "https://emergingthreats.net/",
		tr_string => "emerging rules",
		requires_subscription => "False",
		dl_url => "https://rules.emergingthreats.net/open/suricata-5.0/emerging.rules.tar.gz",
		dl_type => "archive",
	},

	# Emerging threads Pro rules.
	emerging_pro => {
		summary => "Emergingthreats.net Pro Rules",
		website => "https://emergingthreats.net/",
		tr_string => "emerging pro rules",
		requires_subscription => "True",
		dl_url => "https://rules.emergingthreatspro.com/<oinkcode>/suricata-5.0/etpro.rules.tar.gz",
		dl_type => "archive",
	},
);
Commit	Line	Data
5e891296	1	package IDS::Ruleset;
1d9b8791	2
5e891296 SS	3	# This file contains the supported ruleset providers.
	4	#
	5	# Each one is defined as a hash in the main hash.
	6	# It's name acts as handle/key and the key/value pair acts as data part.
	7	# So the structure is like the following:
	8	#
	9	# handle => {
	10	# summary => A short summary of the service. This also will be shown if no translation string is available for the WUI.
	11	# website => The website of the ruleset provider.
	12	# tr_string => The translation string which is used by the WUI and part of the language files.
	13	# requires_subscription => "True/False" - If some kind of registration code is required in order to download the ruleset.
	14	# dl_url => The download URL to grab the ruleset.
	15	# dl_type => "archive/file" - To specify, if the downloaded file is a packed archive or a plain text file.
	16	# },
1d9b8791	17
5e891296 SS	18	# Hash which contains the supported ruleset providers.
	19	our %Providers = (
	20	# Ruleset for registered sourcefire users.
	21	registered => {
	22	summary => "Talos VRT rules for registered users",
	23	website => "https://www.snort.org",
	24	tr_string => "registered user rules",
	25	requires_subscription => "True",
	26	dl_url => "https://www.snort.org/rules/snortrules-snapshot-29161.tar.gz?oinkcode=<oinkcode>",
	27	dl_type => "archive",
	28	},
1d9b8791	29
5e891296 SS	30	# Ruleset for registered sourcefire users with a valid subsription.
	31	subscripted => {
	32	summary => "Talos VRT rules with subscription",
	33	website => "https://www.snort.org",
	34	tr_string => "subscripted user rules",
	35	requires_subscription => "True",
	36	dl_url => "https://www.snort.org/rules/snortrules-snapshot-29161.tar.gz?oinkcode=<oinkcode>",
	37	dl_type => "archive",
	38	},
4fbd88bf	39
5e891296 SS	40	# Community rules from sourcefire.
	41	community => {
	42	summary => "Snort/VRT GPLv2 Community Rules",
	43	website => "https://www.snort.ort",
	44	tr_string => "community rules",
	45	requires_subscription => "False",
	46	dl_url => "https://www.snort.org/rules/community",
	47	dl_type => "archive",
	48	},
4fbd88bf	49
5e891296 SS	50	# Emerging threads community rules.
	51	emerging => {
	52	summary => "Emergingthreats.net Community Rules",
a49a30d1	53	website => "https://emergingthreats.net/",
5e891296 SS	54	tr_string => "emerging rules",
	55	requires_subscription => "False",
	56	dl_url => "https://rules.emergingthreats.net/open/suricata-5.0/emerging.rules.tar.gz",
	57	dl_type => "archive",
	58	},
	59
	60	# Emerging threads Pro rules.
	61	emerging_pro => {
	62	summary => "Emergingthreats.net Pro Rules",
a49a30d1	63	website => "https://emergingthreats.net/",
5e891296 SS	64	tr_string => "emerging pro rules",
	65	requires_subscription => "True",
	66	dl_url => "https://rules.emergingthreatspro.com/<oinkcode>/suricata-5.0/etpro.rules.tar.gz",
	67	dl_type => "archive",
	68	},
	69	);