The PT Expert Security Center has a dedicated team of specialists who develop cyberattack detection rules for network security tools. Building on this expertise, Positive Technologies launched the open-source PT Rules project. The goal is to share our signatures for Suricata with the information security community [1] and help identify attacker activity quickly. The project portal hosts a set of Suricata rules that is updated on an ongoing basis.
Positive Technologies is dedicated to sharing its advanced information security expertise with the global community in various ways. For example, the company regularly publishes cybersecurity research, presents at international industry conferences, and organizes its own events (for example, the Positive Hack Days international cyberfestival, Standoff cyber exercises, and workshops for international students). As one of many projects designed to strengthen collaboration in the global information security community, PT Rules is conducted in English.
"We believe in the power of the international information security community to make the digital world safer through collaborative open source projects. Positive Technologies has this same goal, so we created our own platform to share tools for protection against the latest cyberthreats," comments Kirill Shipulin, Head of the Network Attack Detection Group in PT NAD, PT Expert Security Center. "We invite cybersecurity experts from around the world to join PT Rules, use its current expertise, and contribute your own useful findings to help it grow. As a united team, we can more quickly identify and eliminate threats capable of causing unacceptable damage to society, companies, and entire nations."
Recently, the PT Expert Security Center posted rules on the PT Rules portal for detecting new vulnerabilities and popular cybercriminal tools, as well as signatures for identifying movement within the perimeter in the Active Directory directory service. To keep rules up to date, experts recommend using the suricata-update utility with the ptrules/open repository enabled; this repository is included in the list of officially supported signature repositories.
[1] Open-source software designed for intrusion detection systems (IDS) and intrusion prevention systems (IPS).