Threats from abuse.ch / URLhaus not generating alerts

Started by robert.haugen@gmail.com, December 14, 2025, 12:36:24 PM

December 14, 2025, 12:36:24 PM Last Edit: December 14, 2025, 03:22:46 PM by robert.haugen@gmail.com

Threat intelligence feeds from abuse.ch / URLhaus are not generating alerts.

I have enabled abuse.ch / URLhaus and configured all associated rules to generate alerts.

Example:

SID: 81873344

URL: https://urlhaus.abuse.ch/url/1010244/

Test performed:

curl https://pastebin.com/raw/beW39LtA --output bull.shit


This activity does not generate any alert in Suricata.

curl http://testmyids.com works OK.

However, Microsoft Defender on my PC does generate an alert for the same test.