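package IDS::Ruleset;

# Strictures are lexically scoped to this file, so enabling them here does not
# change anything for the code that require()s it; they only catch typos in
# the provider table below (e.g. an unquoted bareword or a stray global).
use strict;
use warnings;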
# This file contains the supported ruleset providers.
#
# Each one is defined as a hash in the main hash.
# Its name acts as handle/key and the key/value pairs act as the data part.
# So the structure is like the following:
#
# handle => {
#     summary => A short summary of the service. This is also shown if no translation string is available for the WUI.
#     website => The website of the ruleset provider.
#     tr_string => The translation string which is used by the WUI and is part of the language files.
#     requires_subscription => "True/False" - Whether some kind of registration code is required in order to download the ruleset.
#     dl_url => The download URL to grab the ruleset.
#     dl_type => "archive/plain" - Specifies whether the downloaded file is a packed archive or a plain text file.
# },
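# Hash which contains the supported ruleset providers.
#
# Every provider is keyed by its handle; the value is a hash with the
# summary / website / tr_string / requires_subscription / dl_url / dl_type
# fields described in the header comment of this file.
#
# All values are single-quoted on purpose: none of them is meant to be
# interpolated, and the literal "<subscription_code>" placeholder in the
# dl_url of subscription-based providers must survive as-is.  Whatever consumes
# dl_url is expected to fill the placeholder in at download time; that is not
# done here (TODO confirm in the downloader).
#
# Note that requires_subscription holds the *strings* 'True' / 'False', not a
# Perl boolean -- 'False' is a true value in boolean context, so consumers
# presumably compare it with eq (verify against the callers).
our %Providers = (
    # Ruleset for registered sourcefire users.
    registered => {
        summary               => 'Talos VRT rules for registered users',
        website               => 'https://www.snort.org',
        tr_string             => 'registered user rules',
        requires_subscription => 'True',
        dl_url                => 'https://www.snort.org/rules/snortrules-snapshot-29190.tar.gz?oinkcode=<subscription_code>',
        dl_type               => 'archive',
    },

    # Ruleset for registered sourcefire users with a valid subscription.
    # NOTE(review): dl_url is identical to the 'registered' entry above;
    # whether that is intended is not visible from this file -- TODO confirm.
    subscripted => {
        summary               => 'Talos VRT rules with subscription',
        website               => 'https://www.snort.org',
        tr_string             => 'subscripted user rules',
        requires_subscription => 'True',
        dl_url                => 'https://www.snort.org/rules/snortrules-snapshot-29190.tar.gz?oinkcode=<subscription_code>',
        dl_type               => 'archive',
    },

    # Community rules from sourcefire.
    community => {
        summary               => 'Snort/VRT GPLv2 Community Rules',
        website               => 'https://www.snort.org',
        tr_string             => 'community rules',
        requires_subscription => 'False',
        dl_url                => 'https://www.snort.org/rules/community',
        dl_type               => 'archive',
    },

    # Emerging Threats community rules.
    emerging => {
        summary               => 'Emergingthreats.net Community Rules',
        website               => 'https://emergingthreats.net/',
        tr_string             => 'emerging rules',
        requires_subscription => 'False',
        dl_url                => 'https://rules.emergingthreats.net/open/suricata-5.0/emerging.rules.tar.gz',
        dl_type               => 'archive',
    },

    # Emerging Threats Pro rules.
    emerging_pro => {
        summary               => 'Emergingthreats.net Pro Rules',
        website               => 'https://emergingthreats.net/',
        tr_string             => 'emerging pro rules',
        requires_subscription => 'True',
        dl_url                => 'https://rules.emergingthreatspro.com/<subscription_code>/suricata-5.0/etpro.rules.tar.gz',
        dl_type               => 'archive',
    },

    # Abuse.ch SSLBL Blacklist rules.
    sslbl_blacklist => {
        summary               => 'Abuse.ch SSLBL Blacklist Rules',
        website               => 'https://sslbl.abuse.ch/',
        tr_string             => 'sslbl blacklist rules',
        requires_subscription => 'False',
        dl_url                => 'https://sslbl.abuse.ch/blacklist/sslblacklist.rules',
        dl_type               => 'plain',
    },

    # Etnetera Aggressive Blacklist.
    etnetera_aggressive => {
        summary               => 'Etnetera Aggressive Blacklist Rules',
        website               => 'https://security.etnetera.cz/',
        tr_string             => 'etnetera aggressive blacklist rules',
        requires_subscription => 'False',
        dl_url                => 'https://security.etnetera.cz/feeds/etn_aggressive.rules',
        dl_type               => 'plain',
    },

    # OISF Traffic ID rules.
    oisf_trafficid => {
        summary               => 'OISF Traffic ID Rules',
        website               => 'https://www.openinfosecfoundation.org/',
        tr_string             => 'oisf traffic id rules',
        requires_subscription => 'False',
        dl_url                => 'https://openinfosecfoundation.org/rules/trafficid/trafficid.rules',
        dl_type               => 'plain',
    },

    # Positive Technologies Attack Detection Team rules.
    attack_detection => {
        summary               => 'PT Attack Detection Team Rules',
        website               => 'https://github.com/ptresearch/AttackDetection',
        tr_string             => 'attack detection team rules',
        requires_subscription => 'False',
        dl_url                => 'https://raw.githubusercontent.com/ptresearch/AttackDetection/master/pt.rules.tar.gz',
        dl_type               => 'archive',
    },

    # Secureworks Security rules.
    secureworks_security => {
        summary               => 'Secureworks Security Ruleset',
        website               => 'https://www.secureworks.com',
        tr_string             => 'secureworks security ruleset',
        requires_subscription => 'True',
        dl_url                => 'https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-security_latest.tgz',
        dl_type               => 'archive',
    },

    # Secureworks Malware rules.
    secureworks_malware => {
        summary               => 'Secureworks Malware Ruleset',
        website               => 'https://www.secureworks.com',
        tr_string             => 'secureworks malware ruleset',
        requires_subscription => 'True',
        dl_url                => 'https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-malware_latest.tgz',
        dl_type               => 'archive',
    },

    # Secureworks Enhanced rules.
    secureworks_enhanced => {
        summary               => 'Secureworks Enhanced Ruleset',
        website               => 'https://www.secureworks.com',
        tr_string             => 'secureworks enhanced ruleset',
        requires_subscription => 'True',
        dl_url                => 'https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-enhanced_latest.tgz',
        dl_type               => 'archive',
    },

    # Travis B. Green hunting rules.
    tgreen => {
        summary               => 'Travis Green - Hunting rules',
        website               => 'https://github.com/travisbgreen/hunting-rules',
        tr_string             => 'travis green hunting rules',
        requires_subscription => 'False',
        dl_url                => 'https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting.rules',
        dl_type               => 'plain',
    },
);

# A require()d file must evaluate to a true value.  Say so explicitly instead
# of relying on the hash assignment above happening to be the last statement
# (a list assignment in scalar context yields the number of elements, which is
# true only as long as the table is non-empty).
1;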