From 6c52c044b7dbebc38e3f11b35177e568b299b823 Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Fri, 11 Oct 2019 08:58:02 -0600
Subject: [PATCH] index: update embedded index
---
suricata/update/data/index.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/suricata/update/data/index.py b/suricata/update/data/index.py
index ce4edb4..e5f37bc 100644
--- a/suricata/update/data/index.py
+++ b/suricata/update/data/index.py
@@ -1 +1 @@ -index = {'sources': {'oisf/trafficid': {'vendor': 'OISF', 'license': 'MIT', 'url': 'https://openinfosecfoundation.org/rules/trafficid/trafficid.rules', 'min-version': '4.0.0', 'support-url': 'https://redmine.openinfosecfoundation.org/', 'summary': 'Suricata Traffic ID ruleset'}, 'sslbl/ja3-fingerprints': {'vendor': 'Abuse.ch', 'description': "If you are running Suricata, you can use the SSLBL's Suricata JA3 FingerprintRuleset to detect and/or block malicious SSL connections in your network based on the JA3 fingerprint. Please note that your need Suricata 4.1.0 or newer in order to use the JA3 fingerprint ruleset.\n", 'license': 'Non-Commercial', 'url': 'https://sslbl.abuse.ch/blacklist/ja3_fingerprints.rules', 'min-version': '4.1.0', 'summary': 'Abuse.ch Suricata JA3 Fingerprint Ruleset'}, 'et/open': {'url': 'https://rules.emergingthreats.net/open/suricata-%(__version__)s/emerging.rules.tar.gz', 'vendor': 'Proofpoint', 'description': 'Proofpoint ET Open is a timely and accurate rule set for detecting and blocking advanced threats\n', 'license': 'MIT', 'summary': 'Emerging Threats Open Ruleset'}, 'scwx/security': {'vendor': 'Secureworks', 'description': 'Broad ruleset composed of malware rules and other security-related countermeasures, and curated by the Secureworks Counter Threat Unit research team.\n', 'license': 'Commercial', 'url': 'https://ws.secureworks.com/ti/ruleset/%(secret-code)s/Suricata_suricata-security_latest.tgz', 'summary': 'Secureworks suricata-security ruleset', 'min-version': '2.0.9', 'subscribe-url': 'https://www.secureworks.com/contact/ (Please reference CTU Countermeasures)', 'parameters': {'secret-code': {'prompt': 'Secureworks Threat Intelligence Authentication Token'}}}, 'scwx/malware': {'vendor': 'Secureworks', 'description': 'High-fidelity, high-priority ruleset composed mainly of malware-related countermeasures and curated by the Secureworks Counter Threat Unit research team.\n', 'license': 'Commercial', 'url': 
'https://ws.secureworks.com/ti/ruleset/%(secret-code)s/Suricata_suricata-malware_latest.tgz', 'summary': 'Secureworks suricata-malware ruleset', 'min-version': '2.0.9', 'subscribe-url': 'https://www.secureworks.com/contact/ (Please reference CTU Countermeasures)', 'parameters': {'secret-code': {'prompt': 'Secureworks Threat Intelligence Authentication Token'}}}, 'et/pro': {'replaces': ['et/open'], 'vendor': 'Proofpoint', 'description': 'Proofpoint ET Pro is a timely and accurate rule set for detecting and blocking advanced threats\n', 'license': 'Commercial', 'url': 'https://rules.emergingthreatspro.com/%(secret-code)s/suricata-%(__version__)s/etpro.rules.tar.gz', 'summary': 'Emerging Threats Pro Ruleset', 'subscribe-url': 'https://www.proofpoint.com/us/threat-insight/et-pro-ruleset', 'parameters': {'secret-code': {'prompt': 'Emerging Threats Pro access code'}}}, 'ptresearch/attackdetection': {'vendor': 'Positive Technologies', 'description': u'The Attack Detection Team searches for new vulnerabilities and 0-days, reproduces it and creates PoC exploits to understand how these security flaws work and how related attacks can be detected on the network layer. Additionally, we are interested in malware and hackers\u2019 TTPs, so we develop Suricata rules for detecting all sorts of such activities.\n', 'license': 'Custom', 'url': 'https://raw.githubusercontent.com/ptresearch/AttackDetection/master/pt.rules.tar.gz', 'license-url': 'https://raw.githubusercontent.com/ptresearch/AttackDetection/master/LICENSE', 'summary': 'Positive Technologies Attack Detection Team ruleset'}, 'sslbl/ssl-fp-blacklist': {'url': 'https://sslbl.abuse.ch/blacklist/sslblacklist.rules', 'vendor': 'Abuse.ch', 'description': 'The SSL Blacklist (SSLBL) is a project of abuse.ch with the goal of detecting malicious SSL connections, by identifying and blacklisting SSL certificates used by botnet C&C servers. 
In addition, SSLBL identifies JA3 fingerprints that helps you to detect & block malware botnet C&C communication on the TCP layer.\n', 'license': 'Non-Commercial', 'summary': 'Abuse.ch SSL Blacklist'}, 'tgreen/hunting': {'vendor': 'tgreen', 'description': 'Heuristic ruleset for hunting. Focus on anomaly detection and showcasing latest engine features, not performance.\n', 'license': 'GPLv3', 'url': 'https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting.rules', 'min-version': '4.1.0', 'summary': 'Threat hunting rules'}, 'etnetera/aggressive': {'url': 'https://security.etnetera.cz/feeds/etn_aggressive.rules', 'vendor': 'Etnetera a.s.', 'min-version': '4.0.0', 'license': 'MIT', 'summary': 'Etnetera aggressive IP blacklist'}}, 'version': 1} \ No newline at end of file +index = {'sources': {'oisf/trafficid': {'vendor': 'OISF', 'license': 'MIT', 'url': 'https://openinfosecfoundation.org/rules/trafficid/trafficid.rules', 'checksum': False, 'min-version': '4.0.0', 'support-url': 'https://redmine.openinfosecfoundation.org/', 'summary': 'Suricata Traffic ID ruleset'}, 'sslbl/ja3-fingerprints': {'vendor': 'Abuse.ch', 'description': "If you are running Suricata, you can use the SSLBL's Suricata JA3 FingerprintRuleset to detect and/or block malicious SSL connections in your network based on the JA3 fingerprint. 
Please note that your need Suricata 4.1.0 or newer in order to use the JA3 fingerprint ruleset.\n", 'license': 'Non-Commercial', 'url': 'https://sslbl.abuse.ch/blacklist/ja3_fingerprints.rules', 'checksum': False, 'min-version': '4.1.0', 'summary': 'Abuse.ch Suricata JA3 Fingerprint Ruleset'}, 'et/open': {'url': 'https://rules.emergingthreats.net/open/suricata-%(__version__)s/emerging.rules.tar.gz', 'vendor': 'Proofpoint', 'description': 'Proofpoint ET Open is a timely and accurate rule set for detecting and blocking advanced threats\n', 'license': 'MIT', 'summary': 'Emerging Threats Open Ruleset'}, 'scwx/security': {'vendor': 'Secureworks', 'description': 'Broad ruleset composed of malware rules and other security-related countermeasures, and curated by the Secureworks Counter Threat Unit research team.\n', 'license': 'Commercial', 'url': 'https://ws.secureworks.com/ti/ruleset/%(secret-code)s/Suricata_suricata-security_latest.tgz', 'summary': 'Secureworks suricata-security ruleset', 'min-version': '2.0.9', 'subscribe-url': 'https://www.secureworks.com/contact/ (Please reference CTU Countermeasures)', 'parameters': {'secret-code': {'prompt': 'Secureworks Threat Intelligence Authentication Token'}}}, 'scwx/malware': {'vendor': 'Secureworks', 'description': 'High-fidelity, high-priority ruleset composed mainly of malware-related countermeasures and curated by the Secureworks Counter Threat Unit research team.\n', 'license': 'Commercial', 'url': 'https://ws.secureworks.com/ti/ruleset/%(secret-code)s/Suricata_suricata-malware_latest.tgz', 'summary': 'Secureworks suricata-malware ruleset', 'min-version': '2.0.9', 'subscribe-url': 'https://www.secureworks.com/contact/ (Please reference CTU Countermeasures)', 'parameters': {'secret-code': {'prompt': 'Secureworks Threat Intelligence Authentication Token'}}}, 'et/pro': {'replaces': ['et/open'], 'vendor': 'Proofpoint', 'description': 'Proofpoint ET Pro is a timely and accurate rule set for detecting and blocking advanced 
threats\n', 'license': 'Commercial', 'url': 'https://rules.emergingthreatspro.com/%(secret-code)s/suricata-%(__version__)s/etpro.rules.tar.gz', 'checksum': False, 'summary': 'Emerging Threats Pro Ruleset', 'subscribe-url': 'https://www.proofpoint.com/us/threat-insight/et-pro-ruleset', 'parameters': {'secret-code': {'prompt': 'Emerging Threats Pro access code'}}}, 'ptresearch/attackdetection': {'vendor': 'Positive Technologies', 'description': u'The Attack Detection Team searches for new vulnerabilities and 0-days, reproduces it and creates PoC exploits to understand how these security flaws work and how related attacks can be detected on the network layer. Additionally, we are interested in malware and hackers\u2019 TTPs, so we develop Suricata rules for detecting all sorts of such activities.\n', 'license': 'Custom', 'url': 'https://raw.githubusercontent.com/ptresearch/AttackDetection/master/pt.rules.tar.gz', 'license-url': 'https://raw.githubusercontent.com/ptresearch/AttackDetection/master/LICENSE', 'summary': 'Positive Technologies Attack Detection Team ruleset'}, 'sslbl/ssl-fp-blacklist': {'vendor': 'Abuse.ch', 'description': 'The SSL Blacklist (SSLBL) is a project of abuse.ch with the goal of detecting malicious SSL connections, by identifying and blacklisting SSL certificates used by botnet C&C servers. In addition, SSLBL identifies JA3 fingerprints that helps you to detect & block malware botnet C&C communication on the TCP layer.\n', 'license': 'Non-Commercial', 'url': 'https://sslbl.abuse.ch/blacklist/sslblacklist.rules', 'checksum': False, 'summary': 'Abuse.ch SSL Blacklist'}, 'tgreen/hunting': {'vendor': 'tgreen', 'description': 'Heuristic ruleset for hunting. 
Focus on anomaly detection and showcasing latest engine features, not performance.\n', 'license': 'GPLv3', 'url': 'https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting.rules', 'checksum': False, 'min-version': '4.1.0', 'summary': 'Threat hunting rules'}, 'etnetera/aggressive': {'vendor': 'Etnetera a.s.', 'license': 'MIT', 'url': 'https://security.etnetera.cz/feeds/etn_aggressive.rules', 'checksum': False, 'min-version': '4.0.0', 'summary': 'Etnetera aggressive IP blacklist'}}, 'version': 1} \ No newline at end of file -- 2.47.3