OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: robert.haugen@gmail.com on December 14, 2025, 12:36:24 PM

Title: Threats from abuse.ch / URLhaus not generating alerts
Post by: robert.haugen@gmail.com on December 14, 2025, 12:36:24 PM
Threats from abuse.ch / URLhaus not generating alerts

Threat intelligence feeds from abuse.ch / URLhaus are not generating alerts.

I have enabled abuse.ch / URLhaus and configured all associated rules to generate alerts.

Example:

SID: 81873344

URL: https://urlhaus.abuse.ch/url/1010244/

Test performed:

curl https://pastebin.com/raw/beW39LtA --output bull.shit


This activity does not generate any alert in Suricata.

curl http://testmyids.com works OK.

However, Microsoft Defender on my PC does generate an alert for the same test.
Title: Re: Threats from abuse.ch / URLhaus not generating alerts
Post by: robert.haugen@gmail.com on December 14, 2025, 03:33:13 PM
Found the solution.

Does not detect HTTPS.
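
Why the finding in the second post holds, as an added example that is not part of the original posts: it builds the cleartext HTTP request and a TLS ClientHello for the test URL offline and checks which parts of the URL a passive sensor can read. The function names and the simplified matcher are hypothetical, and it assumes a URL-based rule needs both host and path in cleartext.

```python
import ssl

HOST = "pastebin.com"    # host from the curl test in the first post
PATH = "/raw/beW39LtA"   # path from the curl test in the first post


def http_request_bytes(host: str, path: str) -> bytes:
    """Cleartext GET as a passive sensor sees it on port 80 (constructed sample)."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            "User-Agent: curl/8.0\r\nAccept: */*\r\n\r\n").encode()


def tls_client_hello_bytes(host: str) -> bytes:
    """First bytes a TLS client sends on port 443, produced offline with memory BIOs."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: no server is answering, the ClientHello is already queued
    return outgoing.read()


def visible_indicators(payload: bytes, host: str, path: str) -> dict:
    """Which parts of the URL a sensor can read from the raw bytes."""
    return {"host": host.encode() in payload, "path": path.encode() in payload}


def url_rule_matches(payload: bytes, host: str, path: str) -> bool:
    """Hypothetical stand-in for a URL rule: host and path must both be readable."""
    seen = visible_indicators(payload, host, path)
    return seen["host"] and seen["path"]


if __name__ == "__main__":
    for label, payload in (("http", http_request_bytes(HOST, PATH)),
                           ("https", tls_client_hello_bytes(HOST))):
        print(label, visible_indicators(payload, HOST, PATH),
              "rule matches:", url_rule_matches(payload, HOST, PATH))
```

On port 443 only the hostname (SNI) is readable; the GET with the path follows as encrypted application data after the handshake.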