PT Rules

Welcome to PT Rules, an open-source project focused on enhancing network security through proactive threat detection. As the PT Expert Security Center attack detection team, we are a dedicated group of cybersecurity experts committed to improving network security through open-source initiatives.

Mission

Our mission is to identify new threats, uncover vulnerabilities, and develop detection methods and rule sets to ensure comprehensive coverage against a wide range of malicious activities.

Open-Source Collaboration

We believe in the power of community and open-source collaboration. By sharing our findings and tools, we aim to foster a collective effort in combating cybersecurity threats.

About the Portal

The portal serves as a repository of meticulously crafted Suricata rules. Each folder within the repository is clearly labeled for easy navigation and contains gzip archives.

Technical specifications

Our rules are designed to detect a variety of network threats, including those communicated under TLS. To use these rules effectively, ensure that your Suricata configuration file (suricata.yaml) has encryption-handling set to full. We recommend using the suricata-update tool for timely updates and convenient rule management.

Some of our rules depend on the presence of the DC_SERVERS address group in your IDS installation. This group should contain the IP addresses of the domain controllers in your network. If you do not have such hosts, leave this variable empty.

We use SID 10000000-11999999 for our rules.
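
The three settings described above, collected into one suricata.yaml fragment. This is an added example, not a file from the PT Rules project: the HOME_NET and DC_SERVERS addresses are constructed placeholders, and the surrounding keys are the standard Suricata layout for these options.

```yaml
# Address groups are referenced from rules as $DC_SERVERS, $HOME_NET, etc.
vars:
  address-groups:
    HOME_NET: "[10.0.0.0/8,172.16.0.0/12,192.168.0.0/16]"   # constructed placeholder ranges
    EXTERNAL_NET: "!$HOME_NET"
    # IP addresses of your domain controllers (constructed sample values).
    # Some PT rules depend on this group; per the project notes, leave it
    # empty if your network has no such hosts.
    DC_SERVERS: "[10.0.0.10,10.0.0.11]"

app-layer:
  protocols:
    tls:
      enabled: yes
      detection-ports:
        dp: 443
      # "default" stops inspecting unmodified content signatures once the
      # session is encrypted; "full" keeps tracking and inspecting the flow,
      # which the PT rules for threats carried over TLS require.
      encryption-handling: full
```

With `encryption-handling: full`, Suricata keeps parsing the encrypted part of the flow, so expect higher per-flow CPU cost on TLS-heavy links; rules that reference `$DC_SERVERS` will not match anything while that group is empty, so a missing match on domain-controller traffic is often a sign the variable was never populated.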

About the team

PT Expert Security Center is the defensive security department at Positive Technologies. With over 20 years’ experience in assessing cybersecurity systems, investigating incidents, and researching activities of major APT hacker groups, we leverage this knowledge and experience every day, creating standards for Positive Technologies products and solutions.

License

This software is provided under a custom license. See the accompanying LICENSE file for more information.
