From patchwork Thu Mar 21 20:51:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Schantl X-Patchwork-Id: 7656 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4V0yLZ11c7z3ww6 for ; Thu, 21 Mar 2024 20:51:50 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4V0yLG33ZBzFM2; Thu, 21 Mar 2024 20:51:34 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4V0yLG2ZKnz32v4; Thu, 21 Mar 2024 20:51:34 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4V0yL93CCfz32v5 for ; Thu, 21 Mar 2024 20:51:29 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4V0yL869Dhzn8; Thu, 21 Mar 2024 20:51:28 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1711054289; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BOCVsjmdu/0/LFYuyn7y9eX49KTP6NGwX90Ga5wVkpc=; b=fE0Xe5o9DtExE1O/iesCJRHqOv9cFGMjVmOVKi/fynWab+FWBhaXHa27iHsSc2/391GlCa lmM0B+juvcWrGaDQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1711054289; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BOCVsjmdu/0/LFYuyn7y9eX49KTP6NGwX90Ga5wVkpc=; b=OAesBtOjImbftNnAjE81fEZDuVzA5EU+6tvTxsXr/Vq0ZAfN6mH9/ta+vtqN5g4b10dU1W /AJ4efmTYyqiT6NSKVSrFVrG/mN3p/QbGlqG/uhaPXE9TGKk05u3gEkLKJ/F8XC46r0DtK Iy+ajsBoKzZ2Dabk+UjEKjbOBPRs8Aj+E+2lrgtMkvqj2n9QyxOXzBLD2U8u3kfC8BnvFY 1Ehy1BBOBsKOWktQ/15pJ5eHNP9/JFzlm2gB/crz4epyNPatV8M2EsbWBZAzhoCakwE+fL kpW1YZ48D6pgPjBmdDurE7JIOmqjIbYGus9g8dA73Z2Uy05AytZL/yo8JN4eUQ== From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCH 4/5] ruleset-sources: Restore generic details about recently dropped providers Date: Thu, 21 Mar 2024 21:51:17 +0100 Message-Id: <20240321205118.382948-4-stefan.schantl@ipfire.org> In-Reply-To: <20240321205118.382948-1-stefan.schantl@ipfire.org> References: <20240321205118.382948-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: XLAKQ74YQCNDC4YSFG4KG4GK3GTIUYVZ X-Message-ID-Hash: XLAKQ74YQCNDC4YSFG4KG4GK3GTIUYVZ X-MailFrom: stefan.schantl@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: At least these informations are required to display something usefull on the webgui, even if a provider has been dropped. Signed-off-by: Stefan Schantl --- config/suricata/ruleset-sources | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources index 2b3b4ffcb..4e9ea5fa9 100644 --- a/config/suricata/ruleset-sources +++ b/config/suricata/ruleset-sources @@ -97,6 +97,34 @@ our %Providers = ( dl_type => "plain", }, + # Positive Technologies Attack Detection Team rules. + attack_detection => { + summary => "PT Attack Detection Team Rules", + website => "https://github.com/ptresearch/AttackDetection", + tr_string => "attack detection team rules", + }, + + # Secureworks Security rules. + secureworks_security => { + summary => "Secureworks Security Ruleset", + website => "https://www.secureworks.com", + tr_string => "secureworks security ruleset", + }, + + # Secureworks Malware rules. + secureworks_malware => { + summary => "Secureworks Malware Ruleset", + website => "https://www.secureworks.com", + tr_string => "secureworks malware ruleset", + }, + + # Secureworks Enhanced rules. + secureworks_enhanced => { + summary => "Secureworks Enhanced Ruleset", + website => "https://www.secureworks.com", + tr_string => "secureworks enhanced ruleset", + }, + # ThreatFox threatfox => { summary => "ThreatFox Indicators Of Compromise Rules",