├── .github └── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── README.md ├── classification.config ├── disable.conf ├── iprep ├── categories.txt ├── reputation.list └── tor.list ├── reference.config ├── rules ├── BSD-License.txt ├── LICENSE ├── Maliciousbehavior.rules ├── Mining_Behavior_Detection.rules ├── app-layer-events.rules ├── botcc.portgrouped.rules ├── botcc.rules ├── btc.rules ├── ciarmy.rules ├── classification.config ├── cobaltstrike.rules ├── compromised-ips.txt ├── compromised.rules ├── decoder-events.rules ├── dnp3-events.rules ├── dns-events.rules ├── dnstunnel.rules ├── drop.rules ├── dshield.rules ├── emerging-activex.rules ├── emerging-attack_response.rules ├── emerging-chat.rules ├── emerging-current_events.rules ├── emerging-deleted.rules ├── emerging-dns.rules ├── emerging-dos.rules ├── emerging-exploit.rules ├── emerging-ftp.rules ├── emerging-games.rules ├── emerging-icmp.rules ├── emerging-icmp_info.rules ├── emerging-imap.rules ├── emerging-inappropriate.rules ├── emerging-info.rules ├── emerging-malware.rules ├── emerging-misc.rules ├── emerging-mobile_malware.rules ├── emerging-netbios.rules ├── emerging-p2p.rules ├── emerging-policy.rules ├── emerging-pop3.rules ├── emerging-rpc.rules ├── emerging-scada.rules ├── emerging-scan.rules ├── emerging-shellcode.rules ├── emerging-smtp.rules ├── emerging-snmp.rules ├── emerging-sql.rules ├── emerging-telnet.rules ├── emerging-tftp.rules ├── emerging-trojan.rules ├── emerging-user_agents.rules ├── emerging-voip.rules ├── emerging-web_client.rules ├── emerging-web_server.rules ├── emerging-web_specific_apps.rules ├── emerging-worm.rules ├── empire.rules ├── files.rules ├── http-events.rules ├── metasploit.rules ├── modbus-events.rules ├── ms17010.rules ├── mysql_general_log_file.rules ├── nfs-events.rules ├── ntp-events.rules ├── sid-msg.map ├── smtp-events.rules ├── stream-events.rules ├── suspicious.rules ├── tls-events.rules ├── top155.rules ├── tor.rules ├── traffic_anomalies.rules ├── web.rules └── webshell.rules ├── suricata.yaml └── threshold.config /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/.github/ISSUE_TEMPLATE/bug_report.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/.github/ISSUE_TEMPLATE/feature_request.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/README.md -------------------------------------------------------------------------------- /classification.config: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/classification.config -------------------------------------------------------------------------------- /disable.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/disable.conf -------------------------------------------------------------------------------- /iprep/categories.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /iprep/reputation.list: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /iprep/tor.list: -------------------------------------------------------------------------------- 1 | 1 -------------------------------------------------------------------------------- /reference.config: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/reference.config -------------------------------------------------------------------------------- /rules/BSD-License.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/BSD-License.txt -------------------------------------------------------------------------------- /rules/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/LICENSE -------------------------------------------------------------------------------- /rules/Maliciousbehavior.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/Maliciousbehavior.rules -------------------------------------------------------------------------------- /rules/Mining_Behavior_Detection.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/Mining_Behavior_Detection.rules -------------------------------------------------------------------------------- /rules/app-layer-events.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/app-layer-events.rules -------------------------------------------------------------------------------- /rules/botcc.portgrouped.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/botcc.portgrouped.rules -------------------------------------------------------------------------------- /rules/botcc.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/botcc.rules -------------------------------------------------------------------------------- /rules/btc.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/btc.rules -------------------------------------------------------------------------------- /rules/ciarmy.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/ciarmy.rules -------------------------------------------------------------------------------- /rules/classification.config: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/classification.config -------------------------------------------------------------------------------- /rules/cobaltstrike.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/cobaltstrike.rules -------------------------------------------------------------------------------- /rules/compromised-ips.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/compromised-ips.txt -------------------------------------------------------------------------------- /rules/compromised.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/compromised.rules -------------------------------------------------------------------------------- /rules/decoder-events.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/decoder-events.rules -------------------------------------------------------------------------------- /rules/dnp3-events.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/dnp3-events.rules -------------------------------------------------------------------------------- /rules/dns-events.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/dns-events.rules -------------------------------------------------------------------------------- /rules/dnstunnel.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/dnstunnel.rules -------------------------------------------------------------------------------- /rules/drop.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/drop.rules -------------------------------------------------------------------------------- /rules/dshield.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/dshield.rules -------------------------------------------------------------------------------- /rules/emerging-activex.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-activex.rules -------------------------------------------------------------------------------- /rules/emerging-attack_response.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-attack_response.rules -------------------------------------------------------------------------------- /rules/emerging-chat.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-chat.rules -------------------------------------------------------------------------------- /rules/emerging-current_events.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-current_events.rules -------------------------------------------------------------------------------- /rules/emerging-deleted.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-deleted.rules -------------------------------------------------------------------------------- /rules/emerging-dns.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-dns.rules -------------------------------------------------------------------------------- /rules/emerging-dos.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-dos.rules -------------------------------------------------------------------------------- /rules/emerging-exploit.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-exploit.rules -------------------------------------------------------------------------------- /rules/emerging-ftp.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-ftp.rules -------------------------------------------------------------------------------- /rules/emerging-games.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-games.rules -------------------------------------------------------------------------------- /rules/emerging-icmp.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-icmp.rules -------------------------------------------------------------------------------- /rules/emerging-icmp_info.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-icmp_info.rules -------------------------------------------------------------------------------- /rules/emerging-imap.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-imap.rules -------------------------------------------------------------------------------- /rules/emerging-inappropriate.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-inappropriate.rules -------------------------------------------------------------------------------- /rules/emerging-info.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-info.rules -------------------------------------------------------------------------------- /rules/emerging-malware.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-malware.rules -------------------------------------------------------------------------------- /rules/emerging-misc.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-misc.rules -------------------------------------------------------------------------------- /rules/emerging-mobile_malware.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-mobile_malware.rules -------------------------------------------------------------------------------- /rules/emerging-netbios.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-netbios.rules -------------------------------------------------------------------------------- /rules/emerging-p2p.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-p2p.rules -------------------------------------------------------------------------------- /rules/emerging-policy.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-policy.rules -------------------------------------------------------------------------------- /rules/emerging-pop3.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-pop3.rules -------------------------------------------------------------------------------- /rules/emerging-rpc.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-rpc.rules -------------------------------------------------------------------------------- /rules/emerging-scada.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-scada.rules -------------------------------------------------------------------------------- /rules/emerging-scan.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-scan.rules -------------------------------------------------------------------------------- /rules/emerging-shellcode.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-shellcode.rules -------------------------------------------------------------------------------- /rules/emerging-smtp.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-smtp.rules -------------------------------------------------------------------------------- /rules/emerging-snmp.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-snmp.rules -------------------------------------------------------------------------------- /rules/emerging-sql.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-sql.rules -------------------------------------------------------------------------------- /rules/emerging-telnet.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-telnet.rules -------------------------------------------------------------------------------- /rules/emerging-tftp.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-tftp.rules -------------------------------------------------------------------------------- /rules/emerging-trojan.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-trojan.rules -------------------------------------------------------------------------------- /rules/emerging-user_agents.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-user_agents.rules -------------------------------------------------------------------------------- /rules/emerging-voip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-voip.rules -------------------------------------------------------------------------------- /rules/emerging-web_client.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-web_client.rules -------------------------------------------------------------------------------- /rules/emerging-web_server.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-web_server.rules -------------------------------------------------------------------------------- /rules/emerging-web_specific_apps.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-web_specific_apps.rules -------------------------------------------------------------------------------- /rules/emerging-worm.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/emerging-worm.rules -------------------------------------------------------------------------------- /rules/empire.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/empire.rules -------------------------------------------------------------------------------- /rules/files.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/files.rules -------------------------------------------------------------------------------- /rules/http-events.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/http-events.rules -------------------------------------------------------------------------------- /rules/metasploit.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/metasploit.rules -------------------------------------------------------------------------------- /rules/modbus-events.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/modbus-events.rules -------------------------------------------------------------------------------- /rules/ms17010.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/ms17010.rules -------------------------------------------------------------------------------- /rules/mysql_general_log_file.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/mysql_general_log_file.rules -------------------------------------------------------------------------------- /rules/nfs-events.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/nfs-events.rules -------------------------------------------------------------------------------- /rules/ntp-events.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/ntp-events.rules -------------------------------------------------------------------------------- /rules/sid-msg.map: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/sid-msg.map -------------------------------------------------------------------------------- /rules/smtp-events.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/smtp-events.rules -------------------------------------------------------------------------------- /rules/stream-events.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/stream-events.rules -------------------------------------------------------------------------------- /rules/suspicious.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/suspicious.rules -------------------------------------------------------------------------------- /rules/tls-events.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/tls-events.rules -------------------------------------------------------------------------------- /rules/top155.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/top155.rules -------------------------------------------------------------------------------- /rules/tor.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/tor.rules -------------------------------------------------------------------------------- /rules/traffic_anomalies.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/traffic_anomalies.rules -------------------------------------------------------------------------------- /rules/web.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/web.rules -------------------------------------------------------------------------------- /rules/webshell.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/rules/webshell.rules -------------------------------------------------------------------------------- /suricata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/suricata.yaml -------------------------------------------------------------------------------- /threshold.config: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xisafe/suricata-rule/HEAD/threshold.config --------------------------------------------------------------------------------