nids-rule-library
Collection of various open-source and commercial rulesets for NIDS (especially for Suricata and Snort)
Motivation
This project collects various open-source and commercial available rulesets for NIDS (network intrustion detection systems), especially for Suricata and Snort. The goal of this library is to get an easy overview of various rule sources/providers.
Contribution
If you would like to add a source you can simply create an issue or a merge request.
Rulesets
Suricata
- Proofpoint/Emerging Threats ET Open ruleset
- Proofpoint/Emerging Threats ET PRO ruleset
- Attack Detection from Positive Technologies
- ABUSE CH SSL TLS Cert Blacklist
- ABUSE CH JA3 Fingerprints
- ABUSE CH SSL IP Blacklist
- ABUSE CH URLhaus
- Etnetera IP blacklist
- Quandrantsec Sagan ruleset
- Travis Green Threat Hunting ruleset
- SecureWorks Security/Malware ruleset
- OISF Traffic ID rules
- CrowdStrike
- Stamus Networks
Please also check Suriata-Update's rule index for more sources.
Snort
- Talos Snort Ruleset
- Proofpoint/Emerging Threats ET Open ruleset
- Proofpoint/Emerging Threats ET PRO ruleset
- CrowdStrike