Other sources to convert/bridge (OWASP)

Other free sources [from suricata](https://github.com/OISF/suricata-update/blob/master/suricata/update/data/index.py) IDS:
- oisf/trafficid	https://openinfosecfoundation.org/rules/trafficid/trafficid.rules
- sslbl/ja3-fingerprints	https://sslbl.abuse.ch/blacklist/ja3_fingerprints.rules
- et/open	https://rules.emergingthreats.net/open/suricata-%(__version__)s/emerging.rules.tar.gz
- ptresearch/attackdetection	https://raw.githubusercontent.com/ptresearch/AttackDetection/master/pt.rules.tar.gz
- sslbl/ssl-fp-blacklist	https://sslbl.abuse.ch/blacklist/sslblacklist.rules
- tgreen/hunting	https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting.rules
- etnetera/aggressive	https://security.etnetera.cz/feeds/etn_aggressive.rules
- https://github.com/seanlinmt/suricata/tree/master/files/rules
- https://urlhaus.abuse.ch/downloads/urlhaus.tar.gz

WAF:
- https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/v3.3/dev/rules / https://www.modsecurity.org/rules.html

The later contains things XSS/SQL injection like `union select` or `(\|\| || OR || AND) 1==1`
.... and many more which are missing from the current list (but less CMS-specific rules).


Don't you think that supporting/converting rules from `owasp-modsecurity-crs` would be a nicer long-term strategy. That way new rules provided there could automatically be used by fail2ban?


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Other sources to convert/bridge (OWASP) #5

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Other sources to convert/bridge (OWASP) #5

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions