OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: Bobox on December 03, 2020, 11:20:37 AM

Title: Some ET rulesets empty
Post by: Bobox on December 03, 2020, 11:20:37 AM
Hi there,

finally switched from pfSense to OPNsense 20.1 and I really like it :)

I'm using the telemetry rule set with the code from Deciso.
One problem though, I was wondering why Suricata does not catch ET CINS, ET DROP or ET COMPROMISED anymore like it did frequently on my pfSense Suricata.

It seems the respective rulesets are empty, I just enabled and downloaded all as a test for this. All the 58B sized ones are empty.
How do I fix this?
Title: Re: Some ET rulesets empty
Post by: chemlud on December 03, 2020, 02:47:14 PM
Hi to OPNsense!

Screenshot of IPS -> Download page maybe? :-)

Where did you see this 58 bit empty file?

Title: Re: Some ET rulesets empty
Post by: franco on December 03, 2020, 07:54:55 PM
Hi,

Maybe the same as https://github.com/opnsense/core/issues/4479 -- telemetry is an ET Pro set and some ET Open sets are not available / deprecated / substituted.


Cheers,
Franco