OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: abulafia on October 13, 2021, 10:46:35 am

Title: Abuse.ch SSLBL - more performant TLS ruleset?
Post by: abulafia on October 13, 2021, 10:46:35 am
https://sslbl.abuse.ch/blacklist/ states:

Quote
In addition, SSLBL provides a more performant Suricata ruleset that uses tls_cert_fingerprint instead of tls.fingerprint. Please use either the ruleset above (sslblacklist.rules) OR sslblacklist_tls_cert.rules from below. Do not use both of them at the same time.

...

In order to use the more performant Suricata ruleset available for download below, you must run Suricata 4.1.0 or newer.

https://sslbl.abuse.ch/blacklist/sslblacklist_tls_cert.rules

Would it be possible to replace the current SSLBL ruleset with the more performant TLS ruleset? Or add it as a custom ruleset?

(The "user defined" tab only seems to permit adding custom rules, not custom rulesets.)