1
24.1 Legacy Series / Re: GeoIP alias problem
« on: July 15, 2024, 04:26:21 pm »
I can confirm that the 24.1.10_3 update fixes this issue. Thank you for reporting here, reporting the bug and fixing. 
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Intrusion Detection and Prevention / Re: SOLVED: ET Open, IPS mode: why is the action for the compromised rule set Allow
« on: May 30, 2023, 11:09:55 pm »
@gctwnl
Did you check the log? I tried to add Threatfox but found that it didn't complete either.
The log shows:
I need to recheck the rule file.
Did you check the log? I tried to add Threatfox but found that it didn't complete either.
The log shows:
Code: [Select]
Error suricata [100110] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dns $HOME_NET any -> $EXTERNAL_NET any (msg:"ThreatFox payload delivery (domain - confidence level: 50%)"; dns_query; content:"slotgamings.com"; depth:15; fast_pattern; isdataat:!1,relative; nocase; reference:url, threatfox.abuse.ch/ioc/1047040/; target:src_ip; metadata: confidence_level 50, first_seen 2022_12_14; classtype:trojan-activity; sid:9104704" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.threatfox.rules at line 70885
Error suricata [100110] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - no terminating ";" found
So it would appear there is a missing ";" on the line.I need to recheck the rule file.
Pages: [1]