From 8d1d4b8bdb1f1e78a8aa5d0dacc89ffd0aa39727 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Mon, 25 Jan 2016 12:24:01 +0100 Subject: [PATCH 1/5] Emerging Threats IDS rules for Snort and Suricata --- README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 00abedd..d88d87e 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,15 @@ Feel free to [contribute](CONTRIBUTING.md). Deepviz offers a sandbox for analyzing malware and has an API available with threat intelligence harvested from the sandbox. - + + + + Emerging Threats IDS Rules + + + A collection of Snort and Suricata rules files that can be used for alerting or blocking. + + OpenPhish Feeds From bc680c1d4fb01302718a4040c3cf8def00512f8f Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Mon, 25 Jan 2016 12:27:41 +0100 Subject: [PATCH 2/5] Emerging Threats Firewall rules --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index d88d87e..25a3d77 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,14 @@ Feel free to [contribute](CONTRIBUTING.md). Deepviz offers a sandbox for analyzing malware and has an API available with threat intelligence harvested from the sandbox. + + + Emerging Threats Firewall Rules + + + A collection of rules for several types of firewalls, including iptables, PF and PIX. + + Emerging Threats IDS Rules From 71a5025a54685f7685e1a8636de04ba71933ba67 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Mon, 25 Jan 2016 12:45:10 +0100 Subject: [PATCH 3/5] I-Blocklist lists added --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 25a3d77..18d4698 100644 --- a/README.md +++ b/README.md 
@@ -47,6 +47,14 @@ Feel free to [contribute](CONTRIBUTING.md). A collection of Snort and Suricata rules files that can be used for alerting or blocking. + + + I-Blocklist + + + I-Blocklist maintains several types of lists containing IP addresses belonging to various categories. Some of these main categories include countries, ISPs and organizations. Other lists include web attacks, TOR, spyware and proxies. Many are free to use, and available in various formats. + + OpenPhish Feeds From 2cffafc6d0b119f0b456b651fc0b847a301f6655 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Mon, 25 Jan 2016 12:49:33 +0100 Subject: [PATCH 4/5] MalwareDomains DNS blacklist added --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 18d4698..939a096 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,14 @@ Feel free to [contribute](CONTRIBUTING.md). I-Blocklist maintains several types of lists containing IP addresses belonging to various categories. Some of these main categories include countries, ISPs and organizations. Other lists include web attacks, TOR, spyware and proxies. Many are free to use, and available in various formats. + + + MalwareDomains.com + + + The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. These can be used for detection as well as prevention (sinkholing DNS requests). + + OpenPhish Feeds From f94c0cdffc59b099c0f6d0864d89045429c463e8 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Mon, 25 Jan 2016 12:53:47 +0100 Subject: [PATCH 5/5] Small expl. added about TI sources --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 939a096..e270054 100644 --- a/README.md +++ b/README.md 
@@ -14,6 +14,10 @@ Feel free to [contribute](CONTRIBUTING.md). ## Sources +Most of the resources listed below provide lists and/or APIs to obtain (hopefully) up-to-date information with regards to threats. +Some consider these sources as threat intelligence, opinions differ however. +A certain amount of (domain- or business-specific) analysis is necessary to create true threat intelligence. +
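Review bot: Patch 1/5, the hunk at README.md @@ -30,7 +30,15 @@ removes one existing line (the lone `-` just before the added block) and then re-adds an empty line, which is why the diffstat reports "9 insertions(+), 1 deletion(-)" for what should be a pure addition; if that is a whitespace-only change to an unrelated line, drop it so the patch carries only the new "Emerging Threats IDS Rules" entry. The description ("A collection of Snort and Suricata rules files that can be used for alerting or blocking.") would also help readers more if it said whether the list points at the freely available ruleset or a paid one, since that decides whether an operator can actually deploy it.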
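Review bot: Patch 2/5, the hunk at README.md @@ -31,6 +31,14 @@ describes the Emerging Threats firewall rules only as "A collection of rules for several types of firewalls, including iptables, PF and PIX." without saying how often the lists are refreshed or how they are derived; because these rules are meant to block traffic, a stale or over-broad list is a direct availability risk, so add one sentence on update cadence and on reviewing the list for false positives before using it in enforcement mode rather than alert-only.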
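Review bot: Patch 3/5, the hunk at README.md @@ -47,6 +47,14 @@ spells the anonymity network as "TOR" in "Other lists include web attacks, TOR, spyware and proxies."; the project's own spelling is "Tor", so use that for consistency with the other entries that use proper names. The sentence "Many are free to use, and available in various formats." also leaves the reader guessing which categories need a subscription; if the distinction is known, state it, otherwise say that access varies per list.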
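Review bot: Patch 4/5, the hunk at README.md @@ -55,6 +55,14 @@ titles the entry "MalwareDomains.com" but the description opens with "The DNS-BH project creates and maintains a listing of domains", so the relationship between the two names is never stated; make it explicit, for example "MalwareDomains.com (the DNS-BH project) maintains a list of domains known to propagate malware and spyware.", so readers searching for either name find the entry. Also consider noting that a domain list used for "sinkholing DNS requests" only helps when the resolver actually enforces it, which is what separates the "detection" and "prevention" uses the description mentions.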
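Review bot: Patch 5/5, the hunk at README.md @@ -14,6 +14,10 @@ adds the sentence "Some consider these sources as threat intelligence, opinions differ however.", which reads as a run-on; split it or punctuate it, for example "Some consider these sources to be threat intelligence; opinions differ, however." The "(hopefully) up-to-date" aside in the first added line undercuts the section rather than informing it; say plainly that freshness varies per source and that readers should check each feed's update cadence, which is the practical point behind the hedge. The closing line about domain- or business-specific analysis being needed for "true threat intelligence" is a useful caveat and fits well at the top of the Sources section.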