NMAP detection rules for Suricata in GitHub

albovell · May 9, 2024, 9:35am

Hi all,

in case anyone wants Suricata detection rules against different types of NMAP scans and scan speeds (T1-T5), I wrote a bundle into Github, which do just that. Tested in a SoHo / home environment with OPNsense:

https://github.com/aleksibovellan/opnsense-suricata-nmaps

Everyday scanning into our WAN interfaces does generate some extra log entries, somedays a lot, but at least I personally like to see who is trying to love my router without consent.

Be safe, everyone, and if you happen to like these rules, please consider to star the repository to make it worth the time. Thanks a lot.

Aleksi

Philippe_Antoine · May 12, 2024, 6:37pm

cc @satta for GitHub - satta/awesome-suricata: A curated list of awesome things related to Suricata

satta · May 12, 2024, 8:37pm

Thanks for the hint, added!

vjulien · May 16, 2024, 7:44am

Nice! Would be nice to include it in our index, I think:

albovell · May 20, 2024, 9:40pm

Very happy to hear the rules are found useful, and included in collections. I might do some new scan type rules in the future too. Thanks.

eleanelbert · May 24, 2024, 6:13am

Thank you for this. it is very helpful for me.

albovell · May 26, 2024, 1:15pm

Thanks a lot for taking the time to comment, and also very happy to hear that they are helping you. Me too, I wouldn’t have a router without them anymore.

Aleksi

Topic		Replies	Views
Nmap Detection via Suricata Rules suricata	1	5717	May 2, 2022
Suricata doesn't detect nmap scan suricata	1	727	December 12, 2023
Create rules on pfsense Rules ips , pfsense , suricata	2	931	September 2, 2022
Suricata default rules (suricata.rules) don't alert about nmap scans? Rules rules , suricata	6	1710	January 30, 2023
Suricata-IDS and Nmap Rules community	8	10952	August 20, 2020

NMAP detection rules for Suricata in GitHub

Related topics