[Oisf-users] Suricata rules server change

Francis Trudeau ftrudeau at emergingthreats.net
Tue Mar 29 16:49:35 UTC 2016


Basically, after the change anything that has /suricata* will direct to the
newer rules created for 1.3 and above.  Right now the default is the old
rules.

Only /suricata-1.0/ will get the old sigs that are compatible with the
older versions of Suricata.

We created the 1.3 branch back in the day as it was a big enough departure
from Suricata versions before it, hence why we call it -1.3.

Both of the links you pasted are the same, 1.3 and above rules at this
time.  They will stay that way until we fork again.

We hope to fork soon to take advantage of some of the features in Suricata
2+.  Once we retire the old Suricata rules we are going to look into that.

Hopefully this clears up some things.

Thanks,

Francis





On Tue, Mar 29, 2016 at 7:47 AM, Andreas Herz <andi at geekosphere.org> wrote:

> On 29/03/16 at 07:31, Francis Trudeau wrote:
> > One reason for this change is that most people run newer versions of
> > Suricata, and are not aware they are downloading the incorrect rules for
> > Suricata 1.3 - 3.x.
>
> Can you clarify this a bit? Are 1.3 up to 3.x the same rules?
>
> I'm asking as I'm using this link for 2.0.X suricata:
>
> http://rules.emergingthreats.net/open/suricata-2.0/
>
> And this one for 3.0:
>
> https://rules.emergingthreats.net/open/suricata-3.0/
>
> They point to the same files but are not listed in:
>
> https://rules.emergingthreats.net/open/
>
> There are "just" suricata-1.3 and suricata without a number.
> The emerging.rules.tar.gz don't differ from 2.0 and 3.0 directory but
> this might change if you create rules that use new keywords for example
> :)
>
> Thanks
>
> --
> Andreas Herz
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC:
> http://oisfevents.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160329/5fba246a/attachment-0002.html>


More information about the Oisf-users mailing list