OPNsense includes a very polished solution to block protected sites based on
their SSL fingerprint, you can add rules manually in the "User defined tab".
---------------------------
Rulesets
---------------------------
..toctree::
:maxdepth:2
:titlesonly:
:glob:
etpro_telemetry
...................................
Emerging Threats ETOpen Ruleset
-------------------------------
...................................
The ETOpen Ruleset is an excellent anti-malware IDS/IPS ruleset that enables
users with cost constraints to significantly enhance their existing network-based
malware detection. The ETOpen Ruleset is not a full coverage ruleset, and may not
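Review bot: the toctree block under the new "Rulesets" heading will not be recognised as a directive as written. `..toctree::` needs a space after the two dots (`.. toctree::`) and the options need a space before their value (`:maxdepth: 2`). The option lines and the `etpro_telemetry` entry must be indented under the directive, with a blank line before the entry. `:glob:` can be dropped, since the only entry contains no wildcard. In the opening sentence, split the comma splice and move the closing quote so it reads: on the "User defined" tab.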
@ -19,14 +103,16 @@ OPNsense has integrated support for ET Open rules.
For details and Guidelines see: http://doc.emergingthreats.net/bin/view/Main/EmergingFAQ
For rules documentation: http://doc.emergingthreats.net/
--------
...................................
Abuse.ch
--------
...................................
Abuse.ch offer several blacklist for protecting against fraudulent networks.
OPNsense has integrated support for:
...................................
SSL Blacklist
-------------
...................................
SSL Blacklist (SSLBL) is a project maintained by abuse.ch. The goal is to provide
a list of "bad" SSL certificates identified by abuse.ch to be associated with
malware or botnet activities. SSLBL relies on SHA1 fingerprints of malicious SSL
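Review bot: as this hunk reads, "Abuse.ch" and "SSL Blacklist" both end up with the same dotted overline and underline as "Emerging Threats ETOpen Ruleset", so docutils places all three at one section level. The line "OPNsense has integrated support for:" then no longer introduces subsections of Abuse.ch. If SSL Blacklist, Feodo Tracker and URLHaus are meant to nest under Abuse.ch, give them a different adornment from their parent, for example underline only. While the paragraph is being touched, "Abuse.ch offer several blacklist" should read "Abuse.ch offers several blacklists".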
@ -34,8 +120,10 @@ certificates and offers various blacklists.
See for details: https://sslbl.abuse.ch/
...................................
Feodo Tracker
-------------
...................................
Feodo (also known as Cridex or Bugat) is a Trojan used to commit ebanking fraud and steal sensitive information from the victims computer, such as credit card details or credentials. At the moment, Feodo Tracker is tracking four versions of Feodo, and they are labeled by Feodo Tracker as version A, version B, version C and version D:
* **Version A**
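Review bot: the Feodo paragraph under the re-adorned "Feodo Tracker" title is one unwrapped line, while the neighbouring paragraphs are wrapped, and it contains "victims computer" where "victim's computer" is meant. Since the section is already being edited, wrap the line and fix the apostrophe. "At the moment ... tracking four versions" will also go stale, so consider pointing to the tracker page for the current list instead of stating a count.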
@ -57,22 +145,17 @@ Feodo (also known as Cridex or Bugat) is a Trojan used to commit ebanking fraud
See for details: https://feodotracker.abuse.ch/
...................................
URLHaus List
-------------
...................................
With OPNsense version 18.1.7 we inroduced the URLHaus List from abuse.ch which collects
compromised sites distributing malware.
See for details: https://urlhaus.abuse.ch/
---------------
Finger Printing
---------------
OPNsense includes a very polished solution to block protected sites based on
their SSL fingerprint.
-------------------
...................................
App detection rules
-------------------
...................................
With OPNsense version 18.1.11 we introduced the app detection ruleset.
Since about 80 percent of traffic are web applications these rules are focused on
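Review bot: "inroduced" in the URLHaus paragraph is a typo for "introduced". The "Finger Printing" section in this hunk carries the same sentence that appears at the top of the patch, so confirm that only one copy survives in the resulting file, and write the title as one word ("Fingerprinting") if it stays. In the app detection paragraph, "80 percent of traffic are web applications" should read "is", and the figure would benefit from a source.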