From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 4/5] ruleset-sources: Restore generic details about recently dropped providers
Date: Thu, 21 Mar 2024 21:51:17 +0100 [thread overview]
Message-ID: <20240321205118.382948-4-stefan.schantl@ipfire.org> (raw)
In-Reply-To: <20240321205118.382948-1-stefan.schantl@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 1505 bytes --]
At least these informations are required to display something usefull
on the webgui, even if a provider has been dropped.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
config/suricata/ruleset-sources | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources
index 2b3b4ffcb..4e9ea5fa9 100644
--- a/config/suricata/ruleset-sources
+++ b/config/suricata/ruleset-sources
@@ -97,6 +97,34 @@ our %Providers = (
dl_type => "plain",
},
+ # Positive Technologies Attack Detection Team rules.
+ attack_detection => {
+ summary => "PT Attack Detection Team Rules",
+ website => "https://github.com/ptresearch/AttackDetection",
+ tr_string => "attack detection team rules",
+ },
+
+ # Secureworks Security rules.
+ secureworks_security => {
+ summary => "Secureworks Security Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks security ruleset",
+ },
+
+ # Secureworks Malware rules.
+ secureworks_malware => {
+ summary => "Secureworks Malware Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks malware ruleset",
+ },
+
+ # Secureworks Enhanced rules.
+ secureworks_enhanced => {
+ summary => "Secureworks Enhanced Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks enhanced ruleset",
+ },
+
# ThreatFox
threatfox => {
summary => "ThreatFox Indicators Of Compromise Rules",
--
2.39.2
next prev parent reply other threads:[~2024-03-21 20:51 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-21 20:51 [PATCH 1/5] ids-functions.pl: Improve logic to get the cached rulesfile of a provider Stefan Schantl
2024-03-21 20:51 ` [PATCH 2/5] ids.cgi: Change check if a provider is not longer supported Stefan Schantl
2024-03-21 20:51 ` [PATCH 3/5] update-ids-ruleset: Disable provider if not dl_url can be obtained Stefan Schantl
2024-03-21 20:51 ` Stefan Schantl [this message]
2024-03-21 20:51 ` [PATCH 5/5] ids.cgi: Adjust code for marking unsupported providers Stefan Schantl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240321205118.382948-4-stefan.schantl@ipfire.org \
--to=stefan.schantl@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox