[Oisf-users] Emerging Threats rules

Jack Mott jmott at emergingthreats.net
Fri Jul 14 14:47:04 UTC 2017


Charlie,

If this hasn't been resolved, feel free to send over some details, like the
engine version you're running as well as what link you're using to grab the
rules and we can help sort it out.

Best,

Jack

On Wed, Jul 12, 2017 at 5:44 PM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:

> Send the error text to me privately; I have a feeling you are loading
> something that isn't an actual rules file.
>
> Only files with .rules extensions should be loaded:
>
> > activex.rules
> > attack_response.rules
> > botcc.portgrouped.rules
> > botcc.rules
> > chat.rules
> > ciarmy.rules
> > compromised.rules
> > current_events.rules
> > dns.rules
> > dos.rules
> > drop.rules
> > dshield.rules
> > exploit.rules
> > ftp.rules
> > games.rules
> > icmp.rules
> > icmp_info.rules
> > imap.rules
> > inappropriate.rules
> > info.rules
> > local.rules
> > malware.rules
> > misc.rules
> > mobile_malware.rules
> > netbios.rules
> > p2p.rules
> > policy.rules
> > pop3.rules
> > rbn-malvertisers.rules
> > rbn.rules
> > rpc.rules
> > scada.rules
> > scada_special.rules
> > scan.rules
> > shellcode.rules
> > smtp.rules
> > snmp.rules
> > sql.rules
> > telnet.rules
> > tftp.rules
> > tor.rules
> > trojan.rules
> > user_agents.rules
> > voip.rules
> > web_client.rules
> > web_server.rules
> > web_specific_apps.rules
> > worm.rules
>
>
>
> -Coop
>
> On 7/12/2017 4:39 PM, Charlie Dyer wrote:
> > Hello
> >
> > I'm quite confused, starting Suricata pointing at all the rule files
> > from ETPro results in hundreds if not thousands of errors concerning
> > these rules, mostly errors like "SC_ERR_INVALID_SIGNATURE".
> >
> > Is there a particular Suricata-compatible ruleset one should use instead?
> >
> > I mean I use the same rule set with snort and that errors too; what
> > software are etpro rulesets designed for?
> >
> > Many thanks
> >
> >
>
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042
>
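
A pre-flight check along the lines of the advice quoted above (load only files with a .rules extension), as an added example that is not part of the original thread or of Suricata. The function names and the sample directory are hypothetical, and the check assumes one rule per line, each starting with a Suricata rule action.

```python
import re
import tempfile
from pathlib import Path

# Rule actions Suricata accepts at the start of a signature.
ACTIONS = ("alert", "drop", "pass", "reject", "rejectsrc", "rejectdst", "rejectboth")
RULE_START = re.compile(r"^(%s)\s+\S+" % "|".join(ACTIONS))

def first_non_rule_line(path):
    """Return the 1-based number of the first line that is not blank, a comment or a rule; 0 if none."""
    for n, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
        s = line.strip()
        if s and not s.startswith("#") and not RULE_START.match(s):
            return n
    return 0

def classify(rules_dir):
    """Split a directory into loadable .rules files and (name, reason) pairs to leave out."""
    load, skip = [], []
    for path in sorted(p for p in Path(rules_dir).iterdir() if p.is_file()):
        if path.suffix != ".rules":
            skip.append((path.name, "not a .rules file"))
            continue
        bad = first_non_rule_line(path)
        if bad:
            skip.append((path.name, "line %d does not start with a rule action" % bad))
        else:
            load.append(path.name)
    return load, skip

def rule_files_yaml(load):
    """Render the rule-files list for suricata.yaml from the accepted file names."""
    return "rule-files:\n" + "".join(" - %s\n" % name for name in load)

def demo():
    # Constructed sample directory: two names from the list above, two hypothetical stray files.
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "dns.rules": '# comment\nalert dns any any -> any any (msg:"constructed sample"; sid:1000001; rev:1;)\n',
            "local.rules": "",
            "README.txt": "release notes\n",
            "notes.rules": "<html>not a rules file</html>\n",
        }
        for name, text in samples.items():
            (Path(d) / name).write_text(text)
        return classify(d)

if __name__ == "__main__":
    load, skip = demo()
    print(rule_files_yaml(load), skip)
```

This only filters out files that are plainly not rule files; whether each signature parses on a given engine version is still decided by Suricata itself.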