ETPro Telemetry vs ETOpen Rulesets

Started by xpendable, February 21, 2024, 05:38:24 PM

Hello,

I am currently using the ETPro Telemetry version and have noticed large ruleset discrepancies from the ETOpen rules. Some rules are simply empty in the ETPro sets, such as botcc, ciarmy, drop, dshield, emerging-ftp/pop3/rpc/tor... for example. There are more that are empty but I don't want to list them all at this time; for these, using the corresponding ETOpen list works.

However, some other lists have wildly different rules; the most extreme I have found so far is emerging-hunting. The ETPro list has 186 enabled rules, whereas the ETOpen version has 1151 enabled rules. Why is the ETPro list missing over 800 rules?

This is true for many other lists: emerging-attack_response/current_events/dns/dos/exploit... etc. Am I missing something here, or is OPNsense doing something in the background that I am not aware of? Is it trying to consolidate lists or something? I have also noticed that all the ETPro lists have NO disabled rules, unlike the ETOpen lists, which come with many disabled ones.

So I can of course just enable both lists in ETPro/Open, but then you get duplicate warnings... which at this point seems like the best option: just ignore the errors and accept the performance hit.

Anyone else notice the same behavior and/or is there something I'm missing?

Thanks
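To put numbers on the discrepancy described above (enabled vs. disabled counts per ruleset, and which SIDs would collide when both ETPro and ETOpen versions of a list are enabled), here is an added example script, not code from the original post or from OPNsense/Suricata. It parses Suricata-format rule files, counts enabled and commented-out rules, and reports SIDs present in both files (the source of the duplicate warnings) as well as SIDs present in only one. The embedded rule sets are constructed samples, not real ET rules; the rule directory mentioned in the usage note is an assumption about where OPNsense stores downloaded rules.

```python
import re
import sys
from typing import Dict, Tuple

# Suricata rule actions that can start a rule line.
RULE_ACTIONS = ("alert", "drop", "pass", "reject", "rejectsrc", "rejectdst", "rejectboth")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def parse_rules(text: str) -> Dict[int, Tuple[bool, str]]:
    """Map sid -> (enabled, rule text). A rule commented out with '#' is disabled."""
    rules: Dict[int, Tuple[bool, str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        enabled = True
        body = line
        if line.startswith("#"):
            body = line.lstrip("#").strip()
            enabled = False
        # Ordinary comments (not commented-out rules) are skipped here.
        if not body.startswith(RULE_ACTIONS):
            continue
        match = SID_RE.search(body)
        if not match:
            continue
        rules[int(match.group(1))] = (enabled, body)
    return rules


def summarize(rules: Dict[int, Tuple[bool, str]]) -> Dict[str, int]:
    """Count enabled and disabled rules, matching the per-list counts the GUI shows."""
    enabled = sum(1 for is_enabled, _ in rules.values() if is_enabled)
    return {"enabled": enabled, "disabled": len(rules) - enabled}


def compare(pro: Dict[int, Tuple[bool, str]], open_: Dict[int, Tuple[bool, str]]) -> Dict[str, list]:
    """Report enabled SIDs shared by both sets (duplicates) and those unique to each."""
    pro_enabled = {sid for sid, (is_enabled, _) in pro.items() if is_enabled}
    open_enabled = {sid for sid, (is_enabled, _) in open_.items() if is_enabled}
    return {
        "duplicate_sids": sorted(pro_enabled & open_enabled),
        "only_in_open": sorted(open_enabled - pro_enabled),
        "only_in_pro": sorted(pro_enabled - open_enabled),
    }


# Constructed sample rule sets for a stand-alone run; these are not real ET rules.
ETOPEN_SAMPLE = """# constructed ETOpen-style sample
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"SAMPLE HUNTING A"; sid:2000001; rev:1;)
#alert tcp any any -> any any (msg:"SAMPLE HUNTING disabled"; sid:2000002; rev:1;)
alert dns $HOME_NET any -> any any (msg:"SAMPLE DNS C"; sid:2000003; rev:2;)
alert http any any -> $HOME_NET any (msg:"SAMPLE HUNTING D"; sid:2000004; rev:1;)
"""

ETPRO_SAMPLE = """alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"SAMPLE HUNTING A"; sid:2000001; rev:1;)
alert dns $HOME_NET any -> any any (msg:"SAMPLE DNS C"; sid:2000003; rev:2;)
alert tcp any any -> any any (msg:"SAMPLE PRO HUNTING E"; sid:2800001; rev:1;)
"""


def main(argv: list) -> None:
    """Usage: script.py <etpro.rules> <etopen.rules>; with no args, run on the samples."""
    if len(argv) == 3:
        with open(argv[1], encoding="utf-8", errors="replace") as f:
            pro = parse_rules(f.read())
        with open(argv[2], encoding="utf-8", errors="replace") as f:
            open_ = parse_rules(f.read())
    else:
        pro, open_ = parse_rules(ETPRO_SAMPLE), parse_rules(ETOPEN_SAMPLE)
    print("ETPro :", summarize(pro))
    print("ETOpen:", summarize(open_))
    diff = compare(pro, open_)
    print("duplicate SIDs (both enabled):", len(diff["duplicate_sids"]))
    print("enabled only in ETOpen        :", len(diff["only_in_open"]))
    print("enabled only in ETPro         :", len(diff["only_in_pro"]))


if __name__ == "__main__":
    main(sys.argv)
```

On an OPNsense box the downloaded rule files are assumed to live under /usr/local/etc/suricata/rules/, so running the script against the ETPro and ETOpen copies of emerging-hunting there would show exactly which SIDs the two lists share (the ones that trigger the duplicate warnings) and which are present only in ETOpen, rather than relying on the aggregate counts alone.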

I guess I should have searched GitHub instead; it looks like I'm not the only one, and it appears that only the ET Team can fix these issues.
https://github.com/opnsense/plugins/issues/3635

So duplicate rules it is then until these lists get updated in a way that makes sense.