OPNsense Forum
English Forums => Intrusion Detection and Prevention => Topic started by: abulafia on October 13, 2021, 10:46:35 am
-
https://sslbl.abuse.ch/blacklist/ states:
In addition, SSLBL provides a more performant Suricata ruleset that uses tls_cert_fingerprint instead of tls.fingerprint. Please use either the ruleset above (sslblacklist.rules) OR sslblacklist_tls_cert.rules from below. Do not use both of them at the same time.
...
In order to use the more perfomant Suricata ruleset avilable for download below, you must run Suricata 4.1.0 or newer.
https://sslbl.abuse.ch/blacklist/sslblacklist_tls_cert.rules
Would it be possible to replace the current SSLBL ruleset with the more performant TLS ruleset? Or add it as a custom ruleset?
(the "user defined" tab only seems to permit adding custom rules, not custom rulesets)