Commonly used Suricata rulesets

Any source that can be downloaded in the standard Suricata ruleset format, and does not require authentication, can be added to the list of sources. Here is a list of common Suricata ruleset sources. Just verify the URL, modify as needed, and add it to your list of sources.

• Corelight Labs Suricata Rules: https://feed.corelight.com/rules/corelight.rules

• ET/Open: https://rules.emergingthreats.net/open/suricata-6.0/emerging.rules.tar.gz

• ET/Pro: https://rules.emergingthreatspro.com/<insert-et-pro-key-here>/suricata-7.0.3/etpro.rules.tar.gz

  This ruleset applies to Suricata 7.0.3, which was added in Corelight Sensor v27.11.

• oisf/trafficid: https://openinfosecfoundation.org/rules/trafficid/trafficid.rules

• ptresearch/attackdetection: https://raw.githubusercontent.com/ptresearch/AttackDetection/master/pt.rules.tar.gz

• scwx/enhanced: https://ws.secureworks.com/ti/ruleset/<insert-secret-code-here>/Suricata_suricata-enhanced_latest.tgz

• scwx/malware: https://ws.secureworks.com/ti/ruleset/<insert-secret-code-here>/Suricata_suricata-malware_latest.tgz

• scwx/security: https://ws.secureworks.com/ti/ruleset/<insert-secret-code-here>/Suricata_suricata-security_latest.tgz

• sslbl/ssl-fp-blacklist: https://sslbl.abuse.ch/blacklist/sslblacklist.rules

• sslbl/js3-fingerprints: https://sslbl.abuse.ch/blacklist/ja3_fingerprints.rules

• etnetera/aggressive: https://security.etnetera.cz/feeds/etn_aggressive.rules

• tgreen/hunting: https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting.rules

• malsilo: https://malsilo.gitlab.io/feeds/dumps/malsilo.rules.tar.gz