Hello all,
I have signed up for ETPro Telemetry edition and I have loaded the appropriate ruleset. When I look in the plugins I find another ruleset called ET Open. Do I need to load this also, as it says its IDS Proofpoint full ET open ruleset complementary subset for ET Pro Telemetry edition. Can someone clarify?
Thanks,
Steve
Are you asking about just the plugin? If so I don't have it installed, wasn't clear to me what you get from it, and then this dupe warning.
IDS Proofpoint full ET open ruleset complementary subset for ET Pro Telemetry edition
IDS Proofpoint ET open full ruleset to complement ET Pro Telemetry edition.
This plugin will trigger duplicate rules warnings in Suricata logs when
selecting the same categories for both ET open and ET Telemetry.
Dont know
You can try downloading them all
If you have duplicate rules, when you click apply in rules, look in the log and it will tell you if you have duplicates
If a whole ruleset is a duplicate then you can disable it under downloads