curben
/
phishing-filter
mirror of https://gitlab.com/malware-filter/phishing-filter
1
0
Fork 0
Code Issues Releases Wiki Activity

docs: typo

This commit is contained in:
MDLeom 2025-05-24 23:54:15 +00:00
parent d111f7aeda
commit df88621042
No known key found for this signature in database
GPG Key ID: 32D3E28E96A695E8
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -200,7 +200,7 @@ rule-files:
### Suricata (SNI)
This ruleset includes online domains only. It enables Suricata to detect malicious HTTPS-enabled domains by inspecting the SNI in the [unencrypted ClientHello](https://en.wikipedia.org/wiki/Server_Name_Indication#Security_implications) message. There is increasing support for encrypted Client Hello which defeats SNI inspection.
This ruleset includes online domains only. It enables Suricata to detect malicious HTTPS-enabled domains by inspecting the SNI in the [unencrypted ClientHello](https://en.wikipedia.org/wiki/Server_Name_Indication#Security_implications) message. However, there is increasing support for encrypted Client Hello which defeats SNI inspection.
## Splunk

2
src/script.sh
View File

@ -409,7 +409,7 @@ sed -i "1i $COMMENT" "../public/phishing-filter-suricata.rules"
sed -i "1s/Domains Blocklist/URL Suricata Ruleset/" "../public/phishing-filter-suricata.rules"
sed -i "1i $COMMENT" "../public/phishing-filter-suricata-sni.rules"
sed -i "1s/Domains Blocklist/Domain Suricata Ruleset (SNI)/" "../public/phishing-filter-suricata-sni.rules"
sed -i "1s/Domains Blocklist/Domains Suricata Ruleset (SNI)/" "../public/phishing-filter-suricata-sni.rules"
sed -i -e "1i $COMMENT" -e '1i "host","path","message","updated"' "../public/phishing-filter-splunk.csv"
sed -i "1s/Domains Blocklist/URL Splunk Lookup/" "../public/phishing-filter-splunk.csv"