pt-logo

PT Rules

Welcome to PT Rules, an open-source project focused on enhancing network security through proactive threat detection. PT Expert Security Center team is a dedicated group of cybersecurity experts committed to improve network security through open-source initiatives.

mission-icon

Mission

Our mission is to identify new threats, uncover vulnerabilities, and develop detection methods and rule sets to ensure comprehensive coverage against a wide range of malicious activities.

source-icon

Open-Source Collaboration

We believe in the power of community and open-source collaboration. By sharing our findings and tools, we aim to foster a collective effort in combating cybersecurity threats.

background-image

About the Portal

The portal serves as a repository of meticulously crafted Suricata rules. Each folder within the repository is clearly labeled for easy navigation and contains gzip archives.

Technical specifications

Technical specifications

Our rules are designed to detect a variety of network threats, including those communicated under TLS. To utilize these rules effectively, ensure that your Suricata configuration file (suricata.yaml) has encryption-handling set to full. We recommend using the suricata-update tool for timely updates and convenient work.

Some of our rules depend on the presence of the DC_SERVERS address group in your IDS installation. This group should contain the IP addresses of the domain controllers in your network. If you do not have such hosts, leave this variable empty.

We use SID 10000000-11999999 for our rules.
About the team

About the team

PT Expert Security Center is the defensive security department at Positive Technologies. With over 20 years’ experience in assessing cybersecurity systems, investigating incidents, and researching activities of major APT hacker groups, we leverage this knowledge and experience every day, creating standards for Positive Technologies products and solutions.

License

This software is provided under a custom License. See the accompanying LICENSE file for more information.

banner-check-image
banner-check-icon

Rules