package IDS::Ruleset;

# Catalogue of the ruleset providers the IDS knows how to fetch from.
#
# %Providers maps a provider handle to a hash of attributes. The handle is
# the key under which the rest of the IDS code (and the language files) look
# the provider up, so handles are part of the interface and must not be
# renamed, even where the spelling is off.
#
# Attributes of each provider entry:
#
#   summary               Short description; also the fallback label when the
#                         WUI has no translation for tr_string.
#   tr_string             Key into the WUI language files.
#   website               Provider home page, informational only.
#   dl_url                URL the ruleset is downloaded from. For providers
#                         that need a registration/subscription code the URL
#                         carries the literal placeholder <subscription_code>,
#                         which the downloader replaces with the user's code.
#   dl_type               'archive' (a packed file that has to be unpacked)
#                         or 'plain' (a single rules file used as-is).
#   requires_subscription 'True' or 'False' as a STRING. Note that the string
#                         'False' is a true value in Perl, so consumers have
#                         to compare with eq rather than test the value for
#                         truth.
#
# Security notes for consumers of this table (the download/extract code is
# not in this file, so these are expectations rather than guarantees):
#
#   * The substituted <subscription_code> is a credential. Several providers
#     put it in the URL path or query string, where it ends up in proxy and
#     web-server logs; never echo the expanded dl_url in log or error output.
#   * There is no checksum or signature field. Integrity of a downloaded
#     ruleset rests entirely on the TLS certificate check of the HTTPS
#     endpoint, so certificate verification must not be disabled. The two
#     raw.githubusercontent.com URLs point at a mutable 'master' branch.
#   * 'archive' downloads are untrusted input to the unpacker; members with
#     absolute paths or '..' components should be rejected on extraction.
#   * The Talos URLs pin a snapshot version (29190) that has to match the
#     engine version and will need updating over time.

our %Providers = (
	# Talos/VRT rules for registered (free) snort.org accounts.
	registered => {
		summary               => 'Talos VRT rules for registered users',
		tr_string             => 'registered user rules',
		website               => 'https://www.snort.org',
		dl_url                => 'https://www.snort.org/rules/snortrules-snapshot-29190.tar.gz?oinkcode=<subscription_code>',
		dl_type               => 'archive',
		requires_subscription => 'True',
	},

	# Talos/VRT rules for snort.org accounts with a paid subscription.
	# Same download URL as 'registered'; the oinkcode decides what is served.
	subscripted => {
		summary               => 'Talos VRT rules with subscription',
		tr_string             => 'subscripted user rules',
		website               => 'https://www.snort.org',
		dl_url                => 'https://www.snort.org/rules/snortrules-snapshot-29190.tar.gz?oinkcode=<subscription_code>',
		dl_type               => 'archive',
		requires_subscription => 'True',
	},

	# Free GPLv2 community rules published by snort.org.
	community => {
		summary               => 'Snort/VRT GPLv2 Community Rules',
		tr_string             => 'community rules',
		website               => 'https://www.snort.org',
		dl_url                => 'https://www.snort.org/rules/community',
		dl_type               => 'archive',
		requires_subscription => 'False',
	},

	# Emerging Threats open ruleset (Suricata 5.0 build).
	emerging => {
		summary               => 'Emergingthreats.net Community Rules',
		tr_string             => 'emerging rules',
		website               => 'https://emergingthreats.net/',
		dl_url                => 'https://rules.emergingthreats.net/open/suricata-5.0/emerging.rules.tar.gz',
		dl_type               => 'archive',
		requires_subscription => 'False',
	},

	# Emerging Threats Pro ruleset; the subscription code is a path component.
	emerging_pro => {
		summary               => 'Emergingthreats.net Pro Rules',
		tr_string             => 'emerging pro rules',
		website               => 'https://emergingthreats.net/',
		dl_url                => 'https://rules.emergingthreatspro.com/<subscription_code>/suricata-5.0/etpro.rules.tar.gz',
		dl_type               => 'archive',
		requires_subscription => 'True',
	},

	# abuse.ch SSL blacklist, delivered as a single rules file.
	sslbl_blacklist => {
		summary               => 'Abuse.ch SSLBL Blacklist Rules',
		tr_string             => 'sslbl blacklist rules',
		website               => 'https://sslbl.abuse.ch/',
		dl_url                => 'https://sslbl.abuse.ch/blacklist/sslblacklist.rules',
		dl_type               => 'plain',
		requires_subscription => 'False',
	},

	# Etnetera aggressive blacklist feed. The handle keeps its historical
	# spelling because it is referenced by the WUI and language files.
	etnetera_aggresive => {
		summary               => 'Etnetera Aggressive Blacklist Rules',
		tr_string             => 'etnetera aggressive blacklist rules',
		website               => 'https://security.etnetera.cz/',
		dl_url                => 'https://security.etnetera.cz/feeds/etn_aggressive.rules',
		dl_type               => 'plain',
		requires_subscription => 'False',
	},

	# OISF traffic identification rules.
	oisf_trafficid => {
		summary               => 'OISF Traffic ID Rules',
		tr_string             => 'oisf traffic id rules',
		website               => 'https://www.openinfosecfoundation.org/',
		dl_url                => 'https://openinfosecfoundation.org/rules/trafficid/trafficid.rules',
		dl_type               => 'plain',
		requires_subscription => 'False',
	},

	# Positive Technologies Attack Detection Team rules, fetched from the
	# unpinned 'master' branch on GitHub.
	attack_detection => {
		summary               => 'PT Attack Detection Team Rules',
		tr_string             => 'attack detection team rules',
		website               => 'https://github.com/ptresearch/AttackDetection',
		dl_url                => 'https://raw.githubusercontent.com/ptresearch/AttackDetection/master/pt.rules.tar.gz',
		dl_type               => 'archive',
		requires_subscription => 'False',
	},

	# Secureworks "security" ruleset; subscription code is a path component.
	secureworks_security => {
		summary               => 'Secureworks Security Ruleset',
		tr_string             => 'secureworks security ruleset',
		website               => 'https://www.secureworks.com',
		dl_url                => 'https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-security_latest.tgz',
		dl_type               => 'archive',
		requires_subscription => 'True',
	},

	# Secureworks "malware" ruleset; subscription code is a path component.
	secureworks_malware => {
		summary               => 'Secureworks Malware Ruleset',
		tr_string             => 'secureworks malware ruleset',
		website               => 'https://www.secureworks.com',
		dl_url                => 'https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-malware_latest.tgz',
		dl_type               => 'archive',
		requires_subscription => 'True',
	},

	# Secureworks "enhanced" ruleset; subscription code is a path component.
	secureworks_enhanced => {
		summary               => 'Secureworks Enhanced Ruleset',
		tr_string             => 'secureworks enhanced ruleset',
		website               => 'https://www.secureworks.com',
		dl_url                => 'https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-enhanced_latest.tgz',
		dl_type               => 'archive',
		requires_subscription => 'True',
	},

	# Travis B. Green's hunting rules, a single rules file fetched from the
	# unpinned 'master' branch on GitHub.
	tgreen => {
		summary               => 'Travis Green - Hunting rules',
		tr_string             => 'travis green hunting rules',
		website               => 'https://github.com/travisbgreen/hunting-rules',
		dl_url                => 'https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting.rules',
		dl_type               => 'plain',
		requires_subscription => 'False',
	},
);