Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Error with abuse.ch/ThreatFox rules
« previous
next »
Print
Pages: [
1
]
Author
Topic: Error with abuse.ch/ThreatFox rules (Read 2795 times)
abcuser2021
Newbie
Posts: 13
Karma: 0
Error with abuse.ch/ThreatFox rules
«
on:
March 22, 2021, 03:53:12 am »
Rule : abuse.ch/ThreatFox
Error : [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"ThreatFox botnet C2 traffic (url - confidence level: 75%)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:""; depth:0; nocase; http.host; content:"monkeyplanet.net"; depth:16; isdataat:!1,relative; reference:url, threatfox.abuse.ch/ioc/2800/; target:src_ip; metadata: confidence_level 75, first_seen 2021_03_08; classtype:trojan-activity; sid:90002800; rev:1;)" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.threatfox.rules at line 714
are you guys having the same issues ? How to solve it?
Logged
hushcoden
Hero Member
Posts: 550
Karma: 23
Re: Error with abuse.ch/ThreatFox rules
«
Reply #1 on:
March 22, 2021, 11:42:47 am »
Yep, same problems.
Logged
sorano
Full Member
Posts: 153
Karma: 21
Re: Error with abuse.ch/ThreatFox rules
«
Reply #2 on:
March 22, 2021, 09:09:22 pm »
https://github.com/opnsense/core/issues/4821
Feel free to add any additional information you may have
Logged
2x 23.7 VMs & CARP, 4x 2.1GHz, 8GB
Cisco L3 switch, ESXi, VDS, vmxnet3
DoT, Chrony, HAProxy + NAXSI, Suricata
VPN: IPSec, OpenVPN, Wireguard
MultiWAN: Fiber 500/500Mbit dual stack + 4G failover
--
Available for private support.
Did my answer help you? Feel free to click [applaud] to the left
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Error with abuse.ch/ThreatFox rules