Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
ETPro Telemetry vs ETOpen Rulesets
« previous
next »
Print
Pages: [
1
]
Author
Topic: ETPro Telemetry vs ETOpen Rulesets (Read 1175 times)
xpendable
Newbie
Posts: 39
Karma: 2
ETPro Telemetry vs ETOpen Rulesets
«
on:
February 21, 2024, 05:38:24 pm »
Hello,
I am currently using the ETPro Telemetry version and have noticed large ruleset discrepancies from the ETOpen rules. Some rules are simply empty in the ETPro sets such as botcc,ciarmy,drop,dshield,emerging-ftp/pop3/rpc/tor... for example. There are more that are empty but I don't want to list them all at this time, for these using the corresponding ETOpen list works.
However some other lists have wildly different rules, the most extreme I have found so far is emerging-hunting. The ETPro list has 186 enabled rules, where as the ETOpen version has 1151 enabled rules. Why is the ETPro list missing over 800+ rules?
This is true for many other lists, emerging-attack_response/current_events/dns/dos/expoit... etc. Am I missing something here or is OPNsense doing something in the background that I am not aware of? Is it trying to consolidate lists or something? I have also noticed that all the ETPro lists have NO disabled rules unlike the ETOpen comes with many disabled ones.
So I can of course just enable both lists in ETPro/Open, but then you get duplicate warnings... which at this point seems like the best option and just ignore the errors and accept the performance hit.
Anyone else notice the same behavior and/or is there something I'm missing?
Thanks
Logged
xpendable
Newbie
Posts: 39
Karma: 2
Re: ETPro Telemetry vs ETOpen Rulesets
«
Reply #1 on:
February 21, 2024, 09:52:30 pm »
I guess I should have searched github instead, looks like I'm not the only one and appears that only the ET Team can fix these issues.
https://github.com/opnsense/plugins/issues/3635
So duplicate rules it is then until these lists get updated in a way that makes sense.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
ETPro Telemetry vs ETOpen Rulesets