- Cisco Talos Snort IDS Rules - A handful of community rules that correspond to the SCADA Strangelove default credentials. More community rules are available here.
- Quickdraw Snort Signatures - v4.3.1 - The Quickdraw IDS signature download includes the Modbus TCP, DNP3, EtherNet/IP, and ICS Vulnerability signatures. Each category is in its own rules file, and Digital Bond recommends only adding the signatures appropriate for your control system. See the pcap quickdraw section for test pcaps.
- Quickdraw Suricata Signatures - A set of ICS IDS rules for use with Suricata. See the pcap quickdraw section for some potential test pcaps.
- Security Technical Implementation Guides (STIG) - The Security Technical Implementation Guides (STIGs) and the NSA Guides are the configuration standards for DoD IA and IA-enabled devices/systems. Since 1998, DISA has played a critical role in enhancing the security posture of DoD's security systems by providing the STIGs. The STIGs contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to a malicious computer attack.
(creative commons license)