From: Stefan Schantl
Date: Mon, 5 Apr 2021 05:12:00 +0000 (+0200)
Subject: ruleset-sources: Add additional providers.
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8f539341b55571cb2bd7152c70e86d626a1690f4;p=people%2Fstevee%2Fipfire-2.x.git
ruleset-sources: Add additional providers.
Signed-off-by: Stefan Schantl
---
diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources
index edef12d45c..84c474ef78 100644
--- a/config/suricata/ruleset-sources
+++ b/config/suricata/ruleset-sources
@@ -66,4 +66,104 @@ our %Providers = (
 dl_url => "https://rules.emergingthreatspro.com//suricata-5.0/etpro.rules.tar.gz",
 dl_type => "archive",
 },
+
+ # Abuse.ch SSLBL JA3 fingerprint rules.
+ sslbl_ja3 => {
+ summary => "Abuse.ch SSLBL JA3 Rules",
+ website => "https://sslbl.abuse.ch/",
+ tr_string => "sslbl ja3 fingerprint rules",
+ requires_subscription => "False",
+ dl_url => "https://sslbl.abuse.ch/blacklist/ja3_fingerprints.rules",
+ dl_type => "plain",
+ },
+
+ # Abuse.ch SSLBL Blacklist rules.
+ sslbl_blacklist => {
+ summary => "Abuse.ch SSLBL Blacklist Rules",
+ website => "https://sslbl.abuse.ch/",
+ tr_string => "sslbl blacklist rules",
+ requires_subscription => "False",
+ dl_url => "https://sslbl.abuse.ch/blacklist/sslblacklist.rules",
+ dl_type => "plain",
+ },
+
+ # Abuse.ch URLhaus Blacklist rules.
+ urlhaus => {
+ summary => "Abuse.ch URLhaus Blacklist Rules",
+ website => "https://urlhaus.abuse.ch/",
+ tr_string => "urlhaus blacklist rules",
+ requires_subscription => "False",
+ dl_url => "https://urlhaus.abuse.ch/downloads/urlhaus_suricata.tar.gz",
+ dl_type => "archive",
+ },
+
+ # Etnetera Aggressive Blacklist.
+ etnetera_aggresive => {
+ summary => "Etnetera Aggressive Blacklist Rules",
+ website => "https://security.etnetera.cz/",
+ tr_string => "etnetera aggressive blacklist rules",
+ requires_subscription => "False",
+ dl_url => "https://security.etnetera.cz/feeds/etn_aggressive.rules",
+ dl_type => "plain",
+ },
+
+ # OISF Traffic ID rules.
+ oisf_trafficid => {
+ summary => "OISF Traffic ID Rules",
+ website => "https://www.openinfosecfoundation.org/",
+ tr_string => "oisf traffic id rules",
+ requires_subscription => "False",
+ dl_url => "https://openinfosecfoundation.org/rules/trafficid/trafficid.rules",
+ dl_type => "plain",
+ },
+
+ # Positive Technologies Attack Detection Team rules.
+ attack_detection => {
+ summary => "PT Attack Detection Team Rules",
+ website => "https://github.com/ptresearch/AttackDetection",
+ tr_string => "attack detection team rules",
+ requires_subscription => "False",
+ dl_url => "https://raw.githubusercontent.com/ptresearch/AttackDetection/master/pt.rules.tar.gz",
+ dl_type => "archive",
+ },
+
+ # Secureworks Security rules.
+ secureworks_security => {
+ summary => "Secureworks Security Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks security ruleset",
+ requires_subscription => "True",
+ dl_url => "https://ws.secureworks.com/ti/ruleset//Suricata_suricata-security_latest.tgz",
+ dl_type => "archive",
+ },
+
+ # Secureworks Malware rules.
+ secureworks_malware => {
+ summary => "Secureworks Malware Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks malware ruleset",
+ requires_subscription => "True",
+ dl_url => "https://ws.secureworks.com/ti/ruleset//Suricata_suricata-malware_latest.tgz",
+ dl_type => "archive",
+ },
+
+ # Secureworks Enhanced rules.
+ secureworks_enhanced => {
+ summary => "Secureworks Enhanced Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks enhanced ruleset",
+ requires_subscription => "True",
+ dl_url => "https://ws.secureworks.com/ti/ruleset//Suricata_suricata-enhanced_latest.tgz",
+ dl_type => "archive",
+ },
+
+ # Travis B. Green hunting rules.
+ tgreen => {
+ summary => "Travis Green - Hunting rules",
+ website => "https://github.com/travisbgreen/hunting-rules",
+ tr_string => "travis green hunting rules",
+ requires_subscription => "False",
+ dl_url => "https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting.rules",
+ dl_type => "plain",
+ },
 );
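Review bot: The new hash key `etnetera_aggresive` is misspelled relative to its own `summary` and `tr_string` ("aggressive"); since the key is what other code and any saved provider selection will reference, renaming it later is costlier than fixing it now, `etnetera_aggressive => {`. Two of the new feeds (`attack_detection`, `tgreen`) fetch from `raw.githubusercontent.com/.../master/...`, i.e. a mutable branch head rather than a tagged release, so if the downloader does not verify the fetched content a one-line comment on those entries noting that the upstream can change without notice would help whoever maintains this list. The three Secureworks `dl_url` values contain a doubled slash (`/ti/ruleset//Suricata_...`), which mirrors the existing etpro entry in the context lines and is presumably accepted by that server, but is worth confirming before the pattern is copied further. The enclosing `%Providers` hash begins before this hunk.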