OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: hushcoden on July 19, 2020, 08:23:04 PM

Title: IDS PT Research ruleset (only for non-commercial use)
Post by: hushcoden on July 19, 2020, 08:23:04 PM
Before installing that, can anyone please explain what this rule-set provides more than the standard open rule-set that I'm using?

Tia.
Title: Re: IDS PT Research ruleset (only for non-commercial use)
Post by: siga75 on July 20, 2020, 06:21:41 AM
just more rules, that's worthy :)

My understanding is that the rules discovered by the community are free and the PRO ones are not. This does not mean PRO rules are more important or critical stuff, but I have several findings; as an example, the last I can see are these blocked connections:

ETPRO TROJAN ZxShell PortScan Command
ETPRO EXPLOIT revslider_show_image Plugin Local File Inclusion Exploit Attempt

Without PRO rules this would not have been detected and blocked.
Title: Re: IDS PT Research ruleset (only for non-commercial use)
Post by: hushcoden on July 20, 2020, 08:47:03 AM
I'm currently using the ET Open rule-set, but if you look at the plugin section you'll see not just the Pro rule-set but also the ones as per my subject, hence I'm a bit confused about what the differences are between ET Open / ET Pro and that PT Research ruleset...

Thanks.
Title: Re: IDS PT Research ruleset (only for non-commercial use)
Post by: siga75 on July 20, 2020, 09:11:59 AM
Sorry, I misread the topic.

that's actually a good question...

I only know I installed them