OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 21.1 Legacy Series »
  • Suricata 5.0.5 use ET Open 4.0 rules
« previous next »
  • Print
Pages: [1]

Author Topic: Suricata 5.0.5 use ET Open 4.0 rules  (Read 2461 times)

everfree

  • Newbie
  • *
  • Posts: 15
  • Karma: 0
    • View Profile
Suricata 5.0.5 use ET Open 4.0 rules
« on: February 10, 2021, 09:41:35 am »
hi.

https://rules.emergingthreats.net/open/suricata-5.0/rules/

https://rules.emergingthreats.net/open/suricata-4.0/rules/

#suricata -V

This is Suricata version 5.0.5 RELEASE

I see ET open/emerging-trojan, this rules is removed at suricata 5.0
 
confuse  :-\ ??

Logged

AdSchellevis

  • Administrator
  • Hero Member
  • *****
  • Posts: 907
  • Karma: 184
    • View Profile
Re: Suricata 5.0.5 use ET Open 4.0 rules
« Reply #1 on: February 10, 2021, 10:51:09 am »
Hi,

We're still using the suricata 4 ruleset for ET Pro telemetry (and et-open), at Proofpoint their busy migrating the Telemetry feed to the newer version. The rules in both (4 and 5) are roughly the same, but organised a bit differently and a likely a bit more performant.

The migration code was already available (https://github.com/opnsense/core/commit/41eefdd105012137d9d7db71e70847f9ea8e974), but is waiting for Proofpoint in this case.

Best regards,

Ad
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 21.1 Legacy Series »
  • Suricata 5.0.5 use ET Open 4.0 rules
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2