Newly Registered Domain Threat Intel Feeds for Suricata
-
-
I really don't have an opinion on the merits of using that list. Depends on what types of vulnerabilities and corresponding threats you have assessed for your network.
From what I gleaned from the link provided, the rules are simply zipped up in a gzip archive just like the other rules packages. So, to use them, you simply enter the rule package download URL along with your subscriber code (which is part of the URL you use) into the Extra Rules section under the GLOBAL SETTINGS tab.
For example, you would input this into an Extra Rules entry on that tab:
https://ti.stamus-networks.io/SECRETCODEHERE/sti-domains-entropy-30.tar.gz
Replace SECRETCODEHERE with your personal subscriber code obtained from registering at their website.
The reason the Extra Rules section was added to the GLOBAL SETTINGS page is to allow users to provide their own unique sources of rules without everything having to be default packaged in the app.
-
I'm looking at this YouTube video about datasets. At 21:58, the dataset source is added. I've been looking at the pfsense/suricata interface, but can't find where a dataset file (source) is added.
I assume this is possible, just need to know where...
thanks
suricata version is 6.0.13 on pfsense 2.7.0-RELEASE (amd64)
-
@jpgpi250 said in Newly Registered Domain Threat Intel Feeds for Suricata:
I'm looking at this YouTube video about datasets. At 21:58, the dataset source is added. I've been looking at the pfsense/suricata interface, but can't find where a dataset file (source) is added.
I assume this is possible, just need to know where...
thanks
suricata version is 6.0.13 on pfsense 2.7.0-RELEASE (amd64)
Currently dataset source files are not supported within the GUI. Datasets are a relatively new feature in Suricata and support for them has not been added to the GUI.
When I first saw your post and quickly reviewed the link you provided, I assumed it was regular text rules.