[Oisf-users] Alternatives to ET Pro?

Jeremy MJ jskier at gmail.com
Tue Feb 9 15:56:07 UTC 2016


My understanding is the same fairly knowledgeable folks are still on
the ET rule set ship, although good to know about the price increase.

I haven't seen any reference to 2815810 on the etpro list, and that
hasn't been my experience with CPU usage and Suricata v3. Not trying
to change your mind or anything; just my experience. My org is a
subscriber to the rules as well. We've also noticed some Dyre payload
alerts recently that appear overly liberal with pcre and pattern
matching, without actually receiving a payload.

Have you looked at Snort's paid rule set? Can't speak to quality
recently; we haven't used it in a couple of years.

--
Jeremy MJ


On Tue, Feb 9, 2016 at 9:36 AM, Brandon Lattin <latt0050 at umn.edu> wrote:
> I'm sure some of you are aware that Proofpoint has acquired Emerging
> Threats.
>
> We've seen a decline (perhaps anecdotal) in rule quality - to the tune of a
> single new rule (2815810) taking 49% of total CPU time. Additionally, it
> would appear they are planning on raising prices.
>
> I'm curious if anyone is using an alternative to the ET Pro set.
>
> Thanks!
>
> --
> Brandon Lattin
> Security Analyst
> University of Minnesota - University Information Security
> Office: 612-626-6672
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC:
> http://oisfevents.net
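One way to verify a claim like the "49% of total CPU time" figure above is to read Suricata's own per-rule profiling table rather than guessing from top. The following is an added example, not code from this thread or from the Suricata project: the log excerpt is constructed to resemble rule_perf.log, and the column layout, the thresholds and every SID other than 2815810 are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on Suricata's per-rule profiling table
# (rule_perf.log, produced when rule profiling is enabled in suricata.yaml).
# Column layout and all numbers are assumed; SIDs other than 2815810 are invented.
SAMPLE_RULE_PERF = """\
  Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2815810      1        2        980000000    49.00  120000   0        150000      8166        0           8166
  2        2014819      1        5        620000000    31.00  900000   12       42000       688         5100        688
  3        2020000      1        1        400000000    20.00  450000   3        39000       888         2000        888
"""

# Data rows start with the row number; header, separator and date lines do not match.
ROW_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+(\d+)\s+(\d+)")

@dataclass
class RuleStat:
    sid: int
    rev: int
    ticks: int
    checks: int
    matches: int

def parse_rule_perf(text: str) -> list[RuleStat]:
    """Extract SID, revision, tick count, checks and matches from each data row."""
    stats = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            _num, sid, _gid, rev, ticks, _pct, checks, matches = m.groups()
            stats.append(RuleStat(int(sid), int(rev), int(ticks), int(checks), int(matches)))
    return stats

def tick_share(stats: list[RuleStat]) -> dict[int, float]:
    """Fraction of all profiled rule ticks per SID, recomputed from raw ticks rather than the % column."""
    total = sum(s.ticks for s in stats) or 1
    return {s.sid: s.ticks / total for s in stats}

def rules_over_budget(stats: list[RuleStat], max_share: float) -> list[int]:
    """SIDs whose share of detection ticks exceeds max_share, most expensive first."""
    share = tick_share(stats)
    return sorted((sid for sid, v in share.items() if v > max_share), key=lambda sid: -share[sid])

def costly_never_matching(stats: list[RuleStat], min_checks: int) -> list[int]:
    """SIDs evaluated at least min_checks times with zero matches: candidates for tuning or disabling."""
    return [s.sid for s in stats if s.checks >= min_checks and s.matches == 0]

if __name__ == "__main__":
    stats = parse_rule_perf(SAMPLE_RULE_PERF)
    for sid, v in sorted(tick_share(stats).items(), key=lambda kv: -kv[1]):
        print(f"sid {sid}: {v:6.1%} of rule ticks")
    print("over 25% budget:", rules_over_budget(stats, 0.25))
    print("checked often, never matched:", costly_never_matching(stats, 100000))
```

Run it against a real rule_perf.log to rank rules by measured cost before deciding whether a rule set, or one rule in it, is the problem.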