Error with abuse.ch/ThreatFox rules

Started by abcuser2021, March 22, 2021, 03:53:12 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 22, 2021, 03:53:12 AM

Rule : abuse.ch/ThreatFox

Error : [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"ThreatFox botnet C2 traffic (url - confidence level: 75%)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:""; depth:0; nocase; http.host; content:"monkeyplanet.net"; depth:16; isdataat:!1,relative; reference:url, threatfox.abuse.ch/ioc/2800/; target:src_ip; metadata: confidence_level 75, first_seen 2021_03_08; classtype:trojan-activity; sid:90002800; rev:1;)" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.threatfox.rules at line 714

are you guys having the same issues ? How to solve it?

March 22, 2021, 11:42:47 AM #1
Yep, same problems.
March 22, 2021, 09:09:22 PM #2
https://github.com/opnsense/core/issues/4821

Feel free to add any additional information you may have
2x 25.1.9 VMs & CARP, 4x 2.1GHz, 8GB
Cisco L3 switch, ESXi, VDS, vmxnet3
DoT, Chrony, HAProxy + NAXSI, Suricata
VPN: IPSec, OpenVPN, Wireguard
MultiWAN: Fiber 500/500Mbit dual stack + 4G failover

--
Available for private support.
Did my answer help you? Feel free to click [applaud] to the left
Print
Go Up Pages1
User actions