Ecosyste.ms: Awesome
https://github.com/klingerko/nids-rule-library
Collection of various open-source and commercial rulesets for NIDS (especially for Suricata and Snort)
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/klingerko/nids-rule-library
- Owner: klingerko
- License: mit
- Created: 2019-08-10T08:48:34.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2023-07-24T14:29:59.000Z (over 1 year ago)
- Last Synced: 2024-08-02T07:11:45.709Z (6 months ago)
- Size: 3.91 KB
- Stars: 18
- Watchers: 1
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-suricata - nids-rule-library - Collection of various open-source and commercial rulesets. (Rule Sets)
README
# nids-rule-library
## Collection of various open-source and commercial rulesets for NIDS (especially for Suricata and Snort)
### Motivation
This project collects various open-source and commercially available rulesets for NIDS (network intrusion detection systems), especially for Suricata and Snort. The goal of this library is to provide an easy overview of the various rule sources and providers.
### Contribution
If you would like to add a source you can simply create an issue or a merge request.
### Rulesets
#### Suricata
* [Proofpoint/Emerging Threats ET Open ruleset](https://rules.emergingthreats.net/open/suricata/rules/)
* [Proofpoint/Emerging Threats ET PRO ruleset](https://www.proofpoint.com/au/products/et-pro-ruleset)
* [Attack Detection from Positive Technologies](https://github.com/ptresearch/AttackDetection)
* [ABUSE CH SSL TLS Cert Blacklist](https://sslbl.abuse.ch/blacklist/sslblacklist_tls_cert.rules)
* [ABUSE CH JA3 Fingerprints](https://sslbl.abuse.ch/blacklist/ja3_fingerprints.rules)
* [ABUSE CH SSL IP Blacklist](https://sslbl.abuse.ch/blacklist/sslipblacklist.rules)
* [ABUSE CH URLhaus](https://urlhaus.abuse.ch/downloads/ids)
* [Etnetera IP blacklist](https://security.etnetera.cz/feeds/etn_aggressive.rules)
* [Quadrantsec Sagan ruleset](https://github.com/beave/sagan-rules/)
* [Travis Green Threat Hunting ruleset](https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting.rules)
* [SecureWorks Security/Malware ruleset](https://www.secureworks.com/contact/)
* [OISF Traffic ID rules](https://openinfosecfoundation.org/rules/trafficid/trafficid.rules)
* CrowdStrike
* [Stamus Networks](https://www.stamus-networks.com/blog/new-open-ruleset-for-detecting-lateral-movement-with-suricata)

Please also check [Suricata-Update's](https://github.com/OISF/suricata-update/) rule index for more sources.
#### Snort
* [Talos Snort Ruleset](https://www.snort.org/talos)
* [Proofpoint/Emerging Threats ET Open ruleset](https://rules.emergingthreats.net/open/snort-2.9.0/rules/)
* [Proofpoint/Emerging Threats ET PRO ruleset](https://www.proofpoint.com/au/products/et-pro-ruleset)
* CrowdStrike
#### Other feeds
* [Bambenek OSINT C2 domain list](https://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt)