Error with abuse.ch/ThreatFox rules

Started by abcuser2021, March 22, 2021, 03:53:12 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 22, 2021, 03:53:12 AM

Rule : abuse.ch/ThreatFox

Error : [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"ThreatFox botnet C2 traffic (url - confidence level: 75%)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:""; depth:0; nocase; http.host; content:"monkeyplanet.net"; depth:16; isdataat:!1,relative; reference:url, threatfox.abuse.ch/ioc/2800/; target:src_ip; metadata: confidence_level 75, first_seen 2021_03_08; classtype:trojan-activity; sid:90002800; rev:1;)" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.threatfox.rules at line 714

are you guys having the same issues ? How to solve it?

March 22, 2021, 11:42:47 AM #1
Yep, same problems.
March 22, 2021, 09:09:22 PM #2
https://github.com/opnsense/core/issues/4821

Feel free to add any additional information you may have
26.1.5|Intel N150|4x3.6GHz|8GB|256GB NVMe
Cisco L3 switch OSPF + FRR
Chrony|DoT|HAProxy+NAXSI|Suricata+Wazuh|NetFlow->Akvorado
IPSec|OpenVPN|Wireguard
MultiWAN: 1Gbit fiber dual stack + 4G failover

--
Available for private support.
Print
Go Up Pages1
User actions