What happened to the Emerging Threats Open Source rules?

Nothing. Well, nothing bad. They’ve been converted to multiple versions of the Snort engine and to Suricata, load tested and tuned, and put into more explanatory categories. They’re still here, still free, and better than ever.

Get them here!

 

What will happen to community submitted rules?

All community-submitted rules will be handled as they have always been, and they will go into the ET Open ruleset just as always. The only difference now is that we convert them to all of the platforms we support in both ET Open and ET Pro, and they go through load testing. Everything accepted will be in the ET Open ruleset. Some rules won’t make it to ET Pro; that depends on how they load test and how valuable they are.

 

How do I get the ET Pro Rules?

You can download directly via the following URL scheme:

http://rules.emergingthreatspro.com/my oink code/engine-1.2.3/etpro.rules.tar.gz

We currently support all platforms from Snort 2.4.0 through Snort Current, and will continue to update to support new versions. We also support all versions of the Suricata IDS engine from the OISF.

To download the version you desire, just use the three-digit version syntax for your engine, such as snort-2.9.1 or suricata-1.0.5.

For example,

http://rules.emergingthreatspro.com/1234567890123456/snort-2.8.6/etpro.rules.tar.gz

 

How do I stay in touch with, or participate in the ET Pro and Open Communities?

There is a GREAT community and team behind the ET Open and ET Pro rulesets. It’s one of the most welcoming and mentoring communities we’ve ever been part of. If you’d like to pop in and follow along you’re welcome to. If you feel comfortable enough and have a question or intel to chip in you’ll be welcome to do so.

This community exists primarily in two mailing lists, the emerging-sigs and the etpro-sigs lists. Click the links to subscribe!

 

Why do I have all of these Sid Conflicts when I combine rulesets?

If you’re trying to combine any other ruleset with the ET Pro ruleset you’ll probably have conflicts. The ET Pro ruleset has incorporated the best of the original Snort GPL signatures (those prior to VRT, sids 3464 and lower), the old Community ruleset (sids 100000000+), and the ET Open ruleset. The ET Open ruleset is also available without the Snort GPL and Community signatures: use the open-nogpl rules if you do not wish to have these signatures combined.

The old GPL rules worth keeping are being migrated to a new sid range, 2100000-21003464. So sid 300 from the GPL set will move to 2100300. This will allow the ET Pro team to convert to multiple platforms and maintain those without conflicts with other versions that do not maintain multiple engines.

If you are using the ET Pro ruleset you will automatically have all of the valuable signatures from the ET Open ruleset that perform reasonably. We do NOT recommend combining this ruleset with anything but your own local rules. It is complete and well tested! You do NOT have to add in the ET Open rules; they’re in there!
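
To see which sids would collide before merging rule files, the following Python script (an added example, not Emerging Threats code) lists every sid defined by more than one enabled rule and labels it with the ranges named above. The rule texts are constructed samples, the function names are hypothetical, and the `2100000 + sid` mapping is an assumption taken from the sid 300 to 2100300 example.

```python
import re
from collections import defaultdict

GPL_MAX_SID = 3464               # FAQ: original Snort GPL sids are 3464 and lower
COMMUNITY_MIN_SID = 100000000    # FAQ: old Community ruleset is 100000000+
GPL_NEW_BASE = 2100000           # assumed from the FAQ example: sid 300 -> 2100300
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def extract_sids(rules_text):
    """Sids of enabled rules: '#' lines are skipped, '\\' continuations joined."""
    joined = re.sub(r"\\\r?\n", " ", rules_text)
    enabled = [l for l in map(str.strip, joined.splitlines()) if l and not l.startswith("#")]
    return [int(m.group(1)) for m in map(SID_RE.search, enabled) if m]

def classify(sid):
    if sid <= GPL_MAX_SID:
        return "snort-gpl"
    return "community" if sid >= COMMUNITY_MIN_SID else "other"

def find_conflicts(rulesets):
    """Map each sid defined by more than one rule to the rulesets defining it."""
    seen = defaultdict(list)
    for name, text in rulesets.items():
        for sid in extract_sids(text):
            seen[sid].append(name)
    return {sid: names for sid, names in seen.items() if len(names) > 1}

def report(rulesets):
    lines = []
    for sid, names in sorted(find_conflicts(rulesets).items()):
        kind = classify(sid)
        hint = f" -> migrated sid {GPL_NEW_BASE + sid}" if kind == "snort-gpl" else ""
        lines.append(f"sid {sid} ({kind}) in {', '.join(names)}{hint}")
    return lines

# Constructed sample rules, not taken from any real ruleset.
ETPRO_SAMPLE = r'''
alert icmp any any -> any any (msg:"constructed GPL-range rule"; sid:300; rev:1;)
alert tcp any any -> any 80 (msg:"constructed ET rule"; sid:2000001; rev:1;)
'''
OTHER_SAMPLE = r'''
alert icmp any any -> any any (msg:"constructed GPL-range rule"; sid:300; rev:5;)
# alert tcp any any -> any 80 (msg:"constructed disabled rule"; sid:2000001; rev:1;)
alert tcp any any -> any 25 (msg:"constructed community-range rule"; \
    sid:100000101; rev:1;)
'''

if __name__ == "__main__":
    print("\n".join(report({"etpro": ETPRO_SAMPLE, "other": OTHER_SAMPLE})))
```

Commented-out rules are ignored because a disabled rule cannot collide at load time; only sid 300 is reported for the sample input.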

 

I Need Help!

Please email support@emergingthreatspro.com, call 866-504-2523, or visit our contact page. We’ll be right on it!