Intrusion Detection and Prevention / Some ET rulesets empty
« on: February 01, 2020, 08:38:42 am »
Hi there,
finally switched from pfSense to OPNsense 20.1 and I really like it.
I'm using the telemetry rule set with the code from Deciso.
One problem though: I was wondering why Suricata does not catch ET CINS, ET DROP or ET COMPROMISED anymore like it did frequently on my pfSense Suricata.
It seems the respective rulesets are empty; I just enabled and downloaded all of them as a test for this. All the 58B-sized ones are empty.
How do I fix this?
Edit: seems to be a problem with the telemetry plugin. If I uninstall that, the rules are not empty anymore.
root@OPNsense:/usr/local/etc/suricata/rules # ls -lah
total 27224
drwxr-x--- 2 root wheel 2.0K Feb 1 08:22 .
drwxr-xr-x 5 root wheel 512B Feb 1 08:17 ..
-rw-r----- 1 root wheel 98B Feb 1 08:20 OPNsense.rules
-rw-r----- 1 root wheel 233K Feb 1 08:20 abuse.ch.feodotracker.rules
-rw-r----- 1 root wheel 932K Feb 1 08:20 abuse.ch.sslblacklist.rules
-rw-r----- 1 root wheel 16K Feb 1 08:20 abuse.ch.sslipblacklist.rules
-rw-r----- 1 root wheel 11M Feb 1 08:20 abuse.ch.urlhaus.rules
-rw-r----- 1 root wheel 58B Feb 1 08:20 botcc.portgrouped.rules
-rw-r----- 1 root wheel 58B Feb 1 08:20 botcc.rules
-rw-r----- 1 root wheel 58B Feb 1 08:18 ciarmy.rules
-rw-r----- 1 root wheel 58B Feb 1 08:20 compromised.rules
-rw-r----- 1 root wheel 58B Feb 1 08:20 drop.rules
-rw-r----- 1 root wheel 58B Feb 1 08:20 dshield.rules
-rw-r----- 1 root wheel 2.7K Feb 1 08:20 emerging-activex.rules
-rw-r----- 1 root wheel 37K Feb 1 08:20 emerging-attack_response.rules
-rw-r----- 1 root wheel 13K Feb 1 08:20 emerging-chat.rules
-rw-r----- 1 root wheel 3.8M Feb 1 08:20 emerging-current_events.rules
-rw-r----- 1 root wheel 139K Feb 1 08:20 emerging-deleted.rules
-rw-r----- 1 root wheel 5.2K Feb 1 08:20 emerging-dns.rules
-rw-r----- 1 root wheel 18K Feb 1 08:20 emerging-dos.rules
-rw-r----- 1 root wheel 132K Feb 1 08:20 emerging-exploit.rules
-rw-r----- 1 root wheel 2.9K Feb 1 08:20 emerging-ftp.rules
-rw-r----- 1 root wheel 6.6K Feb 1 08:20 emerging-games.rules
-rw-r----- 1 root wheel 58B Feb 1 08:20 emerging-icmp.rules
-rw-r----- 1 root wheel 58B Feb 1 08:20 emerging-icmp_info.rules
-rw-r----- 1 root wheel 58B Feb 1 08:20 emerging-imap.rules
-rw-r----- 1 root wheel 58B Feb 1 08:20 emerging-inappropriate.rules
-rw-r----- 1 root wheel 151K Feb 1 08:20 emerging-info.rules
-rw-r----- 1 root wheel 606K Feb 1 08:20 emerging-malware.rules
-rw-r----- 1 root wheel 58B Feb 1 08:20 emerging-misc.rules
-rw-r----- 1 root wheel 800K Feb 1 08:20 emerging-mobile_malware.rules
-rw-r----- 1 root wheel 2.8K Feb 1 08:20 emerging-netbios.rules
-rw-r----- 1 root wheel 26K Feb 1 08:20 emerging-p2p.rules
-rw-r----- 1 root wheel 217K Feb 1 08:20 emerging-policy.rules
-rw-r----- 1 root wheel 58B Feb 1 08:20 emerging-pop3.rules
-rw-r----- 1 root wheel 58B Feb 1 08:20 emerging-rpc.rules
-rw-r----- 1 root wheel 6.8K Feb 1 08:20 emerging-scada.rules
-rw-r----- 1 root wheel 47K Feb 1 08:20 emerging-scan.rules
-rw-r----- 1 root wheel 3.5K Feb 1 08:20 emerging-shellcode.rules
-rw-r----- 1 root wheel 3.5K Feb 1 08:20 emerging-smtp.rules
-rw-r----- 1 root wheel 4.0K Feb 1 08:20 emerging-snmp.rules
-rw-r----- 1 root wheel 58B Feb 1 08:20 emerging-sql.rules
-rw-r----- 1 root wheel 3.4K Feb 1 08:20 emerging-telnet.rules
-rw-r----- 1 root wheel 58B Feb 1 08:20 emerging-tftp.rules
-rw-r----- 1 root wheel 6.7M Feb 1 08:20 emerging-trojan.rules
-rw-r----- 1 root wheel 38K Feb 1 08:20 emerging-user_agents.rules
-rw-r----- 1 root wheel 4.5K Feb 1 08:20 emerging-voip.rules
-rw-r----- 1 root wheel 86K Feb 1 08:20 emerging-web_client.rules
-rw-r----- 1 root wheel 36K Feb 1 08:20 emerging-web_server.rules
-rw-r----- 1 root wheel 13K Feb 1 08:20 emerging-web_specific_apps.rules
-rw-r----- 1 root wheel 10K Feb 1 08:20 emerging-worm.rules
-rw-r----- 1 root wheel 23K Feb 1 08:20 opnsense.file_transfer.rules
-rw-r----- 1 root wheel 15K Feb 1 08:20 opnsense.mail.rules
-rw-r----- 1 root wheel 11K Feb 1 08:20 opnsense.media_streaming.rules
-rw-r----- 1 root wheel 12K Feb 1 08:20 opnsense.messaging.rules
-rw-r----- 1 root wheel 12K Feb 1 08:20 opnsense.social_media.rules
-rw-r----- 1 root wheel 392B Feb 1 08:20 opnsense.test.rules
-rw-r----- 1 root wheel 1.2K Feb 1 08:20 opnsense.uncategorized.rules
-rw-r----- 1 root wheel 1.0M Feb 1 08:22 rules.sqlite
-rw-r----- 1 root wheel 0B Feb 1 08:22 rules.sqlite.LCK
-rw-r----- 1 root wheel 151K Feb 1 08:18 telemetry_sids.txt
-rw-r----- 1 root wheel 113B Feb 1 08:18 telemetry_version.json
-rw-r----- 1 root wheel 58B Feb 1 08:20 tor.rules
root@OPNsense:/usr/local/etc/suricata/rules # cat ciarmy.rules
#@opnsense_download_hash:4e3f6edde96c40618e17f846a****
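A quick check for the symptom shown above, added here as an example (not part of the poster's output or of OPNsense itself): the 58-byte files contain only the `#@opnsense_download_hash:` header line and no actual rule, so a script can flag every `*.rules` file that has zero non-comment lines. The rule directory path is taken from the listing; the function names are assumptions.

```shell
#!/bin/sh
# Added example: report Suricata rule files that carry no active rules, i.e.
# files consisting only of comment/header lines such as
# "#@opnsense_download_hash:...". Such files load without error but match nothing.

# Default rule directory as shown in the listing above (override with $1).
RULES_DIR="${1:-/usr/local/etc/suricata/rules}"

# count_active_rules FILE
#   Prints the number of lines that are neither blank nor comments.
#   grep -c prints "0" (and exits 1) when nothing matches, so '|| true' keeps
#   the count while tolerating the non-zero exit status.
count_active_rules() {
    grep -c -v -E '^[[:space:]]*(#|$)' "$1" 2>/dev/null || true
}

# find_empty_rulesets DIR
#   Prints the base name of every *.rules file in DIR with zero active rules,
#   one per line; prints nothing when the directory has no such files.
find_empty_rulesets() {
    dir="$1"
    for f in "$dir"/*.rules; do
        [ -f "$f" ] || continue
        n=$(count_active_rules "$f")
        if [ "${n:-0}" -eq 0 ]; then
            printf '%s\n' "$(basename "$f")"
        fi
    done
}

# Usage: list the empty rulesets in the configured directory.
find_empty_rulesets "$RULES_DIR"
```

Comparing that list against the rulesets enabled in the GUI shows which categories are silently contributing nothing to detection.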