git.ipfire.org Git - ipfire-2.x.git/commit

author	Adolf Belka <adolf.belka@ipfire.org>
	Thu, 15 Feb 2024 12:58:35 +0000 (13:58 +0100)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Fri, 16 Feb 2024 12:29:15 +0000 (12:29 +0000)
commit	90e40b194873b596c138cbc25d559e765824f155
tree	0c2c4090f2580c6c213f18965bc3e6cf4e31bf82	tree \| snapshot
parent	407548690c672bc58b02123787aa443d44d9f49d	commit \| diff

ruleset-sources: removal of PT Attack & Secureworks + addition of ThreatFox

- The PT Attack ruleset has not been updated since 2021 and made read-only in 2022
   The PT Attack website no longer has any reference to Suricata Rulesets. The PT Attack
   ruleset is being removed.
- The Secureworks three rulesets are no longer available. The website path gives a 404
   error. No mention of Suricata rulesets in the Secureworks website. The Secureworks three
   rulesets are being removed.
- ThreatFox ruleset has been added to the list. Both a plain and archive version of the
   rules are available but the plain version is being regularly updated while the archive
   version was last updated 5 days ago. So this patch has implemented the plain version.
- All above was discussed in the January Developers Conference call.
- Tested out on my vm testbed. I had PT Attack selected as one of the providers. As
   mentioned by Stefan removing PT Attack means it is not available in the list of
   providers but the provider stays in the providers table but with the line shown in red.
   I will update the wiki to mention the red highlight and what it means.

Suggested-by: Stefan Schantl <stefan.schantl@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>