Hi — I maintain The Hunters Ledger (https://the-hunters-ledger.com/), an independent threat-intelligence site that publishes a consolidated, openly-licensed (CC BY-NC 4.0) Suricata detection feed derived from my malware investigations. It's currently ~101 rules and grows with each published campaign.
The feed presently renumbers into the 1000000–1999999 local-use block, which I understand is reserved for end-user local rules and risks SID collisions for subscribers who also run their own local rules. I'd like to vacate that block and move to a properly allocated range.
Requesting: a dedicated block of 10,000 SIDs. Happy to take whatever start the working group assigns to avoid overlap with pending allocations. Proposed entry for allocations.yml:
```yaml
the-hunters-ledger:
  org: The Hunters Ledger
  name: The Hunters Ledger Detection Feed
  note: Community threat-intelligence Suricata feed (CC BY-NC 4.0)
  url: https://the-hunters-ledger.com/
  engine: suricata
  ranges:
    - start: <assign>
      size: 10000
```
Contact: intel@the-hunters-ledger.com
Thanks for maintaining this registry!