Suricata IDS rules, currently in use for testing; some of the self-written rules are released as circumstances allow. The rule files are as follows:
- myself.rules (not released yet; mainly identifies trojans)
- botcc.rules
- btc.rules
- files.rules
- cobaltstrike.rules
- dnstunnel.rules
- Mining_Behavior_Detection.rules
- Maliciousbehavior.rules
- mysql_general_log_file.rules
- traffic_anomalies.rules
- suspicious.rules
- tor.rules
- web.rules
- empire.rules
- webshell.rules
- metasploit.rules
- http-events.rules # available in suricata sources under rules dir
- smtp-events.rules # available in suricata sources under rules dir
- dns-events.rules # available in suricata sources under rules dir
- tls-events.rules # available in suricata sources under rules dir
- app-layer-events.rules
- decoder-events.rules