Hi everyone,
I am incredibly excited to announce that my open-source project, julioliraup/Antiphishing, has been officially added to the suricata-update source index!
As the author of this project, I developed it from scratch to address the constant influx of phishing campaigns. The ruleset dynamically maps active threat vectors—specifically generating automated TLS, DNS, and HTTP rules using integrated community intelligence feeds (such as PhishStats and OpenPhish).
Key Features:
- SID Range:
6000000-6100000(Carefully aligned to prevent overlaps). - High-Frequency Updates: Assures fresh coverage against fast-cycling phishing domains.
- Threat Intelligence Portal: If you want to search or analyze the tracked vectors outside the rule engine, check out our lookup portal at ANTIPHISHING PANEL .
How to Enable:
You can now easily enable the ruleset directly via your terminal:
$ suricata-update enable-source julioliraup/antiphishing
$ suricata-update
Open for Contributions & Feedback
This is a community-driven initiative licensed under GPL-v3. If you want to contribute, submit new feeds, or report false positives, please check our GitHub repository.
I’m very happy to hit this milestone and look forward to hearing your feedback on how it performs in your environments!
Project Link: https://github.com/julioliraup/Antiphishing