Abuse.ch SSLBL - more performant TLS ruleset?

Started by abulafia, October 13, 2021, 10:46:35 AM

https://sslbl.abuse.ch/blacklist/ states:

Quote: In addition, SSLBL provides a more performant Suricata ruleset that uses tls_cert_fingerprint instead of tls.fingerprint. Please use either the ruleset above (sslblacklist.rules) OR sslblacklist_tls_cert.rules from below. Do not use both of them at the same time.

...

In order to use the more performant Suricata ruleset available for download below, you must run Suricata 4.1.0 or newer.

https://sslbl.abuse.ch/blacklist/sslblacklist_tls_cert.rules

Would it be possible to replace the current SSLBL ruleset with the more performant TLS ruleset? Or add it as a custom ruleset?

(the "user defined" tab only seems to permit adding custom rules, not custom rulesets)