Feature #2318: matching on large amounts of data with dynamic updates
I would like to see if Suricata can do URL reputation in addition to IP reputation.
Updated by Sahil Bhola almost 8 years ago
We get data feeds that contain IP addresses and URLs. We are using the IP reputation feature to be alerted if any of the bad IP addresses are accessed. We want the same feature for the URLs. We want a feature in Suricata where we should be able to load the URLs in the reputation file with the category and reputation ID (same as IP reputation), and if those URLs are accessed, Suricata should generate an alert. I am attaching sample bad URLs with the reputation rating for your reference.
If you could do the entire URL, that would be great. Host-names are also fine with us. We have a total of about 8000 bad URLs that we want to load on Suricata. Please let me know if you have any questions for me.
Updated by Victor Julien over 4 years ago
- Status changed from New to Closed
- Assignee changed from Community Ticket to Victor Julien
- Target version changed from TBD to 5.0rc1
alert http any any -> any any (http.uri; datarep:uri_rep, >, 200, load uri_rep.rep, type string; sid:4;)
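An added example, not part of the ticket or of Suricata's own code: a converter that turns a URL reputation feed into the `uri_rep.rep` file loaded by the rule above. It assumes the `type string` file format of one `<base64 of the string>,<reputation value>` entry per line, that values fit an unsigned 16-bit integer, and a constructed `<uri>,<score>` feed layout; `build_rep_lines` and `write_rep_file` are hypothetical helper names.

```python
import base64

MAX_REP = 65535  # assumption: datarep values are unsigned 16-bit integers

# Constructed sample feed ("<uri>,<score>" per line); not data from the ticket.
SAMPLE_FEED = """\
# uri,score
/gate.php?id=1,2,250
/update/check,120
/gate.php?id=1,2,180
/broken,notanumber
/too/high,70000
"""


def build_rep_lines(feed_text):
    """Return (rep_lines, rejected) for a '<uri>,<score>' feed.

    The URI may itself contain commas, so only the last comma is treated
    as the separator. Duplicate URIs keep their highest score.
    """
    best = {}
    rejected = []
    for lineno, raw in enumerate(feed_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        uri, sep, score = line.rpartition(",")
        score = score.strip()
        if not sep or not uri or not score.isdecimal() or int(score) > MAX_REP:
            rejected.append((lineno, raw))  # keep for review, never load blindly
            continue
        best[uri] = max(int(score), best.get(uri, 0))
    lines = []
    for uri in sorted(best):
        encoded = base64.b64encode(uri.encode("utf-8")).decode("ascii")
        lines.append(f"{encoded},{best[uri]}")
    return lines, rejected


def write_rep_file(path, feed_text):
    """Write the datarep file and return (entry_count, rejected_lines)."""
    lines, rejected = build_rep_lines(feed_text)
    with open(path, "w", encoding="ascii", newline="\n") as fh:
        fh.write("\n".join(lines) + "\n")
    return len(lines), rejected


if __name__ == "__main__":
    count, rejected = write_rep_file("uri_rep.rep", SAMPLE_FEED)
    print(f"wrote {count} entries, rejected {len(rejected)} feed lines")
```

With the rule's `>, 200` threshold, only the `/gate.php?id=1,2` entry (250) in this constructed feed would alert. Each entry has to equal the whole `http.uri` buffer as Suricata sees it, so host names from a feed need a separate set and rule.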