[Open Source] My antiphishing Suricata ruleset is now officially in suricata-update! Looking for contributors
An open-source antiphishing ruleset for Suricata has been officially added to the suricata-update source index. This project provides frequently updated, dynamic signatures targeting phishing attack vectors by ingesting indicators from trusted community sources. It includes automated TLS, DNS, and HTTP rules designed to mitigate phishing threats. The project also offers a companion web dashboard for real-time threat analysis and deployment guides for various platforms.
AI Analysis
Technical Summary
The julioliraup/Antiphishing project is an open-source initiative that delivers high-frequency, automated Suricata rules targeting active phishing domains. These rules are dynamically generated from trusted phishing indicator sources such as PhishStats and OpenPhish, covering TLS, DNS, and HTTP protocols with signature IDs in the range 6000000 to 6100000. The ruleset is integrated into the official suricata-update source index, facilitating automated updates. Additionally, the project provides a web-based threat intelligence lookup portal and platform-specific deployment instructions to ensure proper integration without configuration conflicts.
Potential Impact
This project enhances detection and mitigation capabilities against phishing attacks by providing timely and automated Suricata rules. It does not represent a vulnerability or threat itself but rather a defensive resource to improve network security posture against phishing threats.
Mitigation Recommendations
No remediation or patch is required as this is not a vulnerability but a security enhancement. Users of Suricata are encouraged to integrate this ruleset via suricata-update to improve phishing detection. Follow the provided deployment guides to ensure correct installation and avoid configuration issues.
[Open Source] My antiphishing Suricata ruleset is now officially in suricata-update! Looking for contributors
Description
An open-source antiphishing ruleset for Suricata has been officially added to the suricata-update source index. This project provides frequently updated, dynamic signatures targeting phishing attack vectors by ingesting indicators from trusted community sources. It includes automated TLS, DNS, and HTTP rules designed to mitigate phishing threats. The project also offers a companion web dashboard for real-time threat analysis and deployment guides for various platforms.
Reddit Discussion
Hi Blue Teamers,
I'm excited to share that my open-source project, julioliraup/Antiphishing, has been accepted and added to the official suricata-update source index! I built this project from scratch to provide high-frequency, dynamic signatures specifically designed to mitigate phishing attack vectors. The pipeline ingests indicators from trusted community sources (like PhishStats and OpenPhish) to build automated TLS, DNS, and HTTP rules (SIDs 6000000 - 6100000).
Project Ecosystem:
- The Ruleset: Automated updates targeting active phishing domains.
- Threat Intelligence Lookup Portal: We also maintain a web companion dashboard at https://julioliraup.github.io/AT for real-time vector analysis.
Deployment Guides:
Since firewall platforms handle rule storage uniquely, please follow the dedicated instructions to prevent system configuration overrides: * For GNU/Linux systems, check the GNU/Linux Installation Wiki. * For pfSense instances, read the pfSense Configuration Guide.
Links cited in this discussion
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The julioliraup/Antiphishing project is an open-source initiative that delivers high-frequency, automated Suricata rules targeting active phishing domains. These rules are dynamically generated from trusted phishing indicator sources such as PhishStats and OpenPhish, covering TLS, DNS, and HTTP protocols with signature IDs in the range 6000000 to 6100000. The ruleset is integrated into the official suricata-update source index, facilitating automated updates. Additionally, the project provides a web-based threat intelligence lookup portal and platform-specific deployment instructions to ensure proper integration without configuration conflicts.
Potential Impact
This project enhances detection and mitigation capabilities against phishing attacks by providing timely and automated Suricata rules. It does not represent a vulnerability or threat itself but rather a defensive resource to improve network security posture against phishing threats.
Mitigation Recommendations
No remediation or patch is required as this is not a vulnerability but a security enhancement. Users of Suricata are encouraged to integrate this ruleset via suricata-update to improve phishing detection. Follow the provided deployment guides to ensure correct installation and avoid configuration issues.
Technical Details
- Source Type
- Subreddit
- cybersecurity
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":33,"reasons":["external_link","newsworthy_keywords:rce","non_newsworthy_keywords:rules","established_author","recent_news"],"isNewsworthy":true,"foundNewsworthy":["rce"],"foundNonNewsworthy":["rules"]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a54554268715ace43051d27
Added to database: 07/13/2026, 03:02:26 UTC
Last enriched: 07/13/2026, 03:02:43 UTC
Last updated: 07/13/2026, 05:17:26 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.