Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Suricata 5.0.5 use ET Open 4.0 rules
« previous
next »
Print
Pages: [
1
]
Author
Topic: Suricata 5.0.5 use ET Open 4.0 rules (Read 2463 times)
everfree
Newbie
Posts: 15
Karma: 0
Suricata 5.0.5 use ET Open 4.0 rules
«
on:
February 10, 2021, 09:41:35 am »
hi.
https://rules.emergingthreats.net/open/suricata-5.0/rules/
https://rules.emergingthreats.net/open/suricata-4.0/rules/
#suricata -V
This is Suricata version 5.0.5 RELEASE
I see ET open/emerging-trojan, this rules is removed at suricata 5.0
confuse
??
Logged
AdSchellevis
Administrator
Hero Member
Posts: 907
Karma: 184
Re: Suricata 5.0.5 use ET Open 4.0 rules
«
Reply #1 on:
February 10, 2021, 10:51:09 am »
Hi,
We're still using the suricata 4 ruleset for ET Pro telemetry (and et-open), at Proofpoint their busy migrating the Telemetry feed to the newer version. The rules in both (4 and 5) are roughly the same, but organised a bit differently and a likely a bit more performant.
The migration code was already available (
https://github.com/opnsense/core/commit/41eefdd105012137d9d7db71e70847f9ea8e974
), but is waiting for Proofpoint in this case.
Best regards,
Ad
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Suricata 5.0.5 use ET Open 4.0 rules