[Oisf-users] Alternatives to ET Pro?

Rodgers, Anthony (DTMB) RodgersA1 at michigan.gov
Tue Feb 9 16:11:18 UTC 2016


I have to concur - we are ETPRO subscribers, too, and have not experienced any issues, albeit on a Snort platform.

--
Anthony Rodgers
Security Analyst
Michigan Security Operations Center (MiSOC)
DTMB, Michigan Cyber Security

-----Original Message-----
From: Oisf-users [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of Jeremy MJ
Sent: Tuesday, February 09, 2016 10:56
To: Brandon Lattin <latt0050 at umn.edu>
Cc: oisf-users <oisf-users at lists.openinfosecfoundation.org>
Subject: Re: [Oisf-users] Alternatives to ET Pro?

My understanding is the same fairly knowledgeable folks are still on the ET rule set ship, although good to know about the price increase.

I haven't seen any reference to 2815810 on the etpro list, and that hasn't been my experience with CPU usage and Suricata v3. Not trying to change your mind or anything, just my experience; my org is a subscriber to the rules as well. We've also noticed some Dyre payload alerts recently that appear overly liberal with pcre and pattern matching, without actually receiving a payload.

Have you looked at Snort's paid rule set? Can't speak to quality recently; we haven't used it in a couple of years.

--
Jeremy MJ


On Tue, Feb 9, 2016 at 9:36 AM, Brandon Lattin <latt0050 at umn.edu> wrote:
> I'm sure some of you are aware that Proofpoint has acquired Emerging 
> Threats.
>
> We've seen a decline (perhaps anecdotal) in rule quality - to the tune 
> of a single new rule (2815810) taking 49% of total CPU time. 
> Additionally, it would appear they are planning on raising prices.
>
> I'm curious if anyone is using an alternative to the ET Pro set.
>
> Thanks!
>
> --
> Brandon Lattin
> Security Analyst
> University of Minnesota - University Information Security
> Office: 612-626-6672
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: 
> http://suricata-ids.org/support/
> List: 
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC:
> http://oisfevents.net