Talos_LightSPD.tar.gz and snortrules-snapshot-31470.tar.gz

Started by dotgate, June 26, 2024, 09:35:51 PM

Talos_LightSPD.tar.gz and snortrules-snapshot-31470.tar.gz and snortrules-snapshot-29151.tar.gz

When I download the above files on a Windows machine, they show as virus files.

Kindly help.

(source of files: https://www.snort.org/downloads)


So your Windows AV product flags these files? How is this OPNsense related?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

When I ran antivirus on Snort rules or Suricata rules, it would trigger a virus alert.
If those files haven't been tampered with, they may be good, and from a good source.
Some of the same parts that make a rule also trigger an antivirus alert.
It's not the virus itself, just parts they can grab to identify it: words, actions, etc.
Snort rules will not run in Suricata and vice versa; two different engines.
Only a few out of 150,000 rules, not worth the effort of converting them,
unless you are trying to develop a specific rule on a specific packet flow.
They take packets of the virus intrusion, or whatever it is,
and feed it into one of the engines to make a rule.
Some of these rules that are output are not in human readable form.
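The two checks the reply above boils down to (is the tarball untampered and from the right source, and which parts of a rule look like "virus" strings to an AV engine) can be scripted. The following is an added example, not code from this thread or from snort.org: it builds a small constructed rules tarball in memory, compares its SHA-256 against a publisher hash (here a placeholder you would replace with the value published alongside the download), refuses tar members that are not regular files inside the archive root, and lists the `content:` patterns in each rule, since those byte patterns are exactly what an AV signature can collide with.

```python
import hashlib
import hmac
import io
import posixpath
import re
import tarfile

# Constructed sample rules (NOT from the real Talos/snort.org tarball): one rule whose
# content: match carries a string an AV product might also have a signature for.
SAMPLE_RULES = b'''# constructed example rules
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE suspicious user-agent"; content:"User-Agent|3A| EvilBot/1.0"; sid:1000001; rev:1;)
alert tcp any any -> any any (msg:"EXAMPLE plain rule"; flow:established; sid:1000002; rev:1;)
'''

# Placeholder: replace with the SHA-256 the publisher lists next to the download.
PUBLISHED_SHA256 = "<sha256 from the download page>"

# Snort content option: content:"..." or negated content:!"..."; backslash escapes inside quotes.
CONTENT_RE = re.compile(r'content:\s*(!?)"((?:[^"\\]|\\.)*)"')


def build_sample_tarball() -> bytes:
    """Build a small .tar.gz in memory holding one .rules file (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(name="rules/example.rules")
        info.size = len(SAMPLE_RULES)
        tar.addfile(info, io.BytesIO(SAMPLE_RULES))
    return buf.getvalue()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_digest(data: bytes, expected_hex: str) -> bool:
    """True only if the archive's SHA-256 equals the hash the publisher shipped."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.strip().lower())


def is_safe_member(name: str) -> bool:
    """Reject absolute paths and '..' components so extraction stays inside the target dir."""
    if name.startswith("/") or name.startswith("\\"):
        return False
    return ".." not in posixpath.normpath(name).split("/")


def inspect_tarball(data: bytes) -> dict:
    """Map each member to its list of content: patterns, or to a string tag if it is not a plain file."""
    result = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            if not is_safe_member(member.name):
                result[member.name] = "UNSAFE-PATH"
                continue
            if member.isdir():
                result[member.name] = "DIR"
                continue
            if not member.isfile():
                # symlinks, hard links or device nodes have no business in a rules tarball
                result[member.name] = "NON-REGULAR"
                continue
            text = tar.extractfile(member).read().decode("utf-8", errors="replace")
            patterns = []
            for line in text.splitlines():
                if not line.strip() or line.lstrip().startswith("#"):
                    continue
                for negated, pat in CONTENT_RE.findall(line):
                    patterns.append(("!" if negated else "") + pat)
            result[member.name] = patterns
    return result


if __name__ == "__main__":
    tarball = build_sample_tarball()
    print("sha256:", sha256_hex(tarball))
    print("matches published hash:", verify_digest(tarball, PUBLISHED_SHA256))
    for name, info in inspect_tarball(tarball).items():
        print(name, "->", info)
```

On a real download you would read the file from disk instead of calling `build_sample_tarball()`, and the `content:` listing tells you which strings to look up in your AV vendor's detection name before deciding whether to exclude the rules directory from scanning.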

Quote from: Patrick M. Hausen on June 26, 2024, 10:01:04 PM
So your Windows AV product flags these files? How is this OPNsense related?
Given that such files drive how the IDS and IPS services in OPNsense will respond to threats,

and they are updated frequently, one must make sure the protector is not the devil.