Topic: ET Pro telemetry for testing? (Read 1137 times)
Greg_E (Sr. Member), on: March 06, 2024, 10:28:19 pm
I'm setting up a test box to try and get everything ready for production. I'd like to set up Suricata with the ET Pro telemetry version, but I found something in the agreement that will probably stop this from working.
It says that if you don't send any telemetry back within a certain time frame, your token will be disabled and the rules will fall back to ET Open. In testing I can almost guarantee that I will not report often enough to keep this active. #5 here
https://shop.opnsense.com/etpro-telemetry-faq/
So is there a way to have this working for testing since ET Pro and ET Open are supposed to be fairly different in included rules? The comparison is here:
https://www.proofpoint.com/sites/default/files/data-sheets/pfpt-us-ds-etpro-vs-etopen-ruleset.pdf
xpendable (Newbie), Reply #1 on: March 08, 2024, 10:52:20 pm
I don't think in the current setup the rules would actually "fall back" to the open rule sets. These end up being 2 different rule sets. Within the GUI they will be displayed as "ET open/tor" and "ET telemetry/tor" respectively, for example.
Also, the ET Telemetry ruleset does not contain all the ET Pro nor all the ET Open rulesets as far as I can tell. Currently, if using the ET Telemetry rulesets, it's best to also enable the corresponding ET Open rulesets to get full protection. You just have to live with the duplicate signature errors within the log file.
https://forum.opnsense.org/index.php?topic=38976.0
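
To see which signatures would be loaded twice when an ET Open ruleset is enabled alongside its ET telemetry counterpart, the following added example (not part of the thread and not OPNsense code) lists the SIDs of enabled rules that appear in more than one rules file. The file names, SIDs and rules are constructed samples, and it assumes the files use Suricata's standard `sid:N;` and `rev:N;` rule options.

```python
import re
from collections import defaultdict

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")

# Constructed sample rules: file names, sids and messages are made up for this example.
SAMPLE = {
    "et-open-tor.rules": '''
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE tor one"; sid:9000001; rev:2;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE tor two"; \\
    flow:established; sid:9000002; rev:1;)
# alert tcp any any -> any any (msg:"EXAMPLE disabled"; sid:9000003; rev:1;)
''',
    "et-telemetry-tor.rules": '''
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE tor one"; sid:9000001; rev:3;)
alert tcp any any -> any any (msg:"EXAMPLE three"; sid:9000003; rev:1;)
''',
}

def active_rules(text):
    """Yield (sid, rev) for each enabled rule; lines starting with '#' are skipped."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # comment or disabled rule
        if line.endswith("\\"):           # rule continues on the next line
            pending += line[:-1] + " "
            continue
        rule, pending = pending + line, ""
        sid = SID_RE.search(rule)
        if sid:
            rev = REV_RE.search(rule)
            yield int(sid.group(1)), int(rev.group(1)) if rev else 0

def duplicate_sids(rulesets):
    """Map each sid enabled in more than one ruleset to [(ruleset name, rev), ...]."""
    seen = defaultdict(list)
    for name, text in rulesets.items():
        for sid, rev in active_rules(text):
            seen[sid].append((name, rev))
    return {sid: hits for sid, hits in seen.items()
            if len({name for name, _ in hits}) > 1}

if __name__ == "__main__":
    for sid, hits in sorted(duplicate_sids(SAMPLE).items()):
        print(sid, hits)
```
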