From: Jason Ish Date: Tue, 5 Dec 2017 20:20:31 +0000 (-0600) Subject: Add Secureworks rulesets. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ba4bc667787de96bd5f53dac41121f2ad16b1a63;p=thirdparty%2Fsuricata-intel-index.git Add Secureworks rulesets. From David Wharton. --- diff --git a/index.yaml b/index.yaml index f515a0b..61ec1b6 100644 --- a/index.yaml +++ b/index.yaml @@ -43,6 +43,32 @@ sources: license: Custom license-url: https://raw.githubusercontent.com/ptresearch/AttackDetection/master/LICENSE + # Secureworks suricata-malware ruleset. + scwx/malware: + vendor: Secureworks + summary: Secureworks suricata-malware ruleset. + description: | + High-fidelity, high-priority ruleset composed mainly of malware-related countermeasures and curated by the Secureworks Counter Threat Unit research team. + url: https://ws.secureworks.com/ti/ruleset/%(secret-code)s/Suricata_suricata-malware_latest.tgz + parameters: + secret-code: + prompt: Secureworks Threat Intelligence Authentication Token + license: Commercial + min-version: 2.0.9 + + # Secureworks suricata-security ruleset. + scwx/security: + vendor: Secureworks + summary: Secureworks suricata-security ruleset. + description: | + Broad ruleset composed of malware rules and other security-related countermeasures, and curated by the Secureworks Counter Threat Unit research team. + url: https://ws.secureworks.com/ti/ruleset/%(secret-code)s/Suricata_suricata-security_latest.tgz + parameters: + secret-code: + prompt: Secureworks Threat Intelligence Authentication Token + license: Commercial + min-version: 2.0.9 + # SSBL FP blacklist ruleset. sslbl/ssl-fp-blacklist: summary: Abuse.ch SSL Blacklist
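Review bot: In the `url:` lines of both `scwx/malware` and `scwx/security`, the Secureworks authentication token is substituted into the URL path through `%(secret-code)s`, so the expanded URL is itself a credential and is exposed anywhere it is stored, printed or logged. Suggest saying in the `prompt:` or `description:` text that the token is a secret, and confirming that consumers of this index do not echo or log the expanded URL. Separately, both new entries set `license: Commercial` with no `license-url:`, unlike the entry in the context lines just above them; add one if the vendor publishes its terms.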