Netgate Discussion Forum

    Newly Registered Domain Threat Intel Feeds for Suricata

    4 Posts 2 Posters 595 Views
    • jpgpi250

      @bmeeks

      Hi

      Is this something that will work and that you would recommend on the pfSense Suricata implementation?

      Will work? = section "For General Suricata Users:"

      Thanks for your time and effort.

      • bmeeks

        I really don't have an opinion on the merits of using that list. Depends on what types of vulnerabilities and corresponding threats you have assessed for your network.

        From what I gleaned from the link provided, the rules are simply zipped up in a gzip archive just like the other rules packages. So, to use them, you simply enter the rule package download URL along with your subscriber code (which is part of the URL you use) into the Extra Rules section under the GLOBAL SETTINGS tab.

        For example, you would input this into an Extra Rules entry on that tab: https://ti.stamus-networks.io/SECRETCODEHERE/sti-domains-entropy-30.tar.gz. Replace SECRETCODEHERE with your personal subscriber code obtained from registering at their website.

        The reason the Extra Rules section was added to the GLOBAL SETTINGS page is to allow users to provide their own unique sources of rules without everything having to be default packaged in the app.

        • jpgpi250 @bmeeks

          @bmeeks

          I'm looking at this YouTube video about datasets. At 21:58, the dataset source is added. I've been looking at the pfSense/Suricata interface, but can't find where a dataset file (source) is added.

          I assume this is possible, just need to know where...

          Thanks

          Suricata version is 6.0.13 on pfSense 2.7.0-RELEASE (amd64)

          • bmeeks @jpgpi250

            @jpgpi250 said in Newly Registered Domain Threat Intel Feeds for Suricata:

            @bmeeks

            I'm looking at this YouTube video about datasets. At 21:58, the dataset source is added. I've been looking at the pfSense/Suricata interface, but can't find where a dataset file (source) is added.

            I assume this is possible, just need to know where...

            Thanks

            Suricata version is 6.0.13 on pfSense 2.7.0-RELEASE (amd64)

            Currently dataset source files are not supported within the GUI. Datasets are a relatively new feature in Suricata and support for them has not been added to the GUI.

            When I first saw your post and quickly reviewed the link you provided, I assumed it was regular text rules.

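An added example, not part of the thread and not pfSense package code: a Python check to run on a rules archive before putting its URL into Extra Rules. It lists the rules that use the Suricata `dataset`/`datarep` keyword and whether the list file each one loads is in the archive. The archive contents, file names and SIDs are constructed sample data; the real feed's layout is not shown in this thread.

```python
import io
import re
import tarfile

# Suricata "dataset"/"datarep" rule keywords; group 2 is the comma-separated option list.
DATASET_RE = re.compile(r"\b(dataset|datarep)\s*:\s*([^;]+);")

def audit_rules_archive(blob):
    """Return (rule_files, refs); refs = [(rule_file, sid, list_file, bundled)]."""
    rule_files, refs = [], []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        members = [m for m in tar.getmembers() if m.isfile()]
        names = {m.name.rsplit("/", 1)[-1] for m in members}
        for m in members:
            if not m.name.endswith(".rules"):
                continue
            rule_files.append(m.name)
            text = tar.extractfile(m).read().decode("utf-8", "replace")
            for line in text.splitlines():
                if line.lstrip().startswith("#"):  # skip commented-out rules
                    continue
                for kw in DATASET_RE.finditer(line):
                    opts = [o.strip() for o in kw.group(2).split(",")]
                    # "load <file>" / "state <file>" name the list file the rule needs
                    load = next((o.split(None, 1)[1] for o in opts
                                 if o.startswith(("load ", "state "))), None)
                    sid = re.search(r"\bsid\s*:\s*(\d+)", line)
                    bundled = load is not None and load.rsplit("/", 1)[-1] in names
                    refs.append((m.name, int(sid.group(1)) if sid else None, load, bundled))
    return rule_files, refs

def build_sample():
    """Constructed sample archive (not the real feed): two rules and one list file."""
    files = {
        "rules/sample.rules":
            'alert dns any any -> any any (msg:"constructed plain rule"; '
            'dns.query; content:"example.test"; sid:1000001; rev:1;)\n'
            'alert dns any any -> any any (msg:"constructed dataset rule"; dns.query; '
            'dataset:isset,nrd,type string,load nrd.lst; sid:1000002; rev:1;)\n',
        "rules/nrd.lst": "ZXhhbXBsZS50ZXN0\n",  # base64 of "example.test"
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body.encode()))
    return buf.getvalue()
```

An empty `refs` list means the archive holds only regular text rules; any entry means the rule depends on a dataset list file.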
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.