[Oisf-users] Suricata 3.2 EOL

Travis Green travis at travisgreen.net
Wed Feb 14 20:07:51 UTC 2018

Hey Jonny,

The Pro set is a superset of Open rules + rules we have written from our
own research. Often there are rules that could go in as Pro but there is
sufficient community interest to release to Open. We also commonly build
basic detection logic in Open and then add more granular logic in Pro.

There are no rules in the Open set that are not in Pro, and we do not move
Pro rules to Open on a timetable.

I'd be happy to give further details, but we might want to take the
conversation to emerging-sigs mailing list or #emerging-threats on

Hope that helps,

On Wed, Feb 14, 2018 at 12:34 PM, Jonny Peters <j83peters at gmail.com> wrote:

> Thanks Travis.
> What is the process for determining whether a rule goes into open or pro
> set?
> Are there rules in the open set, contributed by community, that don't make
> their way into pro set?
> Is there a time limit after which the pro set is available to
> all....something that VRT used to do, ie after a week of first publishing,
> a rule became available in the open set.?
> Thanks again
> Jonny
> On Mon, Feb 12, 2018 at 9:47 AM, Travis Green <travis at travisgreen.net>
> wrote:
>> Jonny, there is one team that manages both the open and pro ET rules.
>> There is no current timeline for EOL for Suricata 3.2 rules.
>> Hope that helps,
>> -Travis
>> On Thu, Feb 8, 2018 at 7:16 AM, Jonny Peters <j83peters at gmail.com> wrote:
>>> I recently took charge of a Suricata 3.2.1 system.
>>> With the 3.2 EOL, how long will it be before the 3.2 open rules are end
>>> of life?
>>> Also is there a separate team managing open rule set to that which
>>> manages ET payable rules?
>>> Sorry for these questions but I am new to the Suricata scene.
>>> Jonny
>>> _______________________________________________
>>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/suppor
>>> t/
>>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/ois
>>> f-users
>>> Conference: https://suricon.net
>>> Trainings: https://suricata-ids.org/training/
>> --
>> PGP: ABE625E6
>> keybase.io/travisbgreen

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180214/8ea027a9/attachment-0002.html>

More information about the Oisf-users mailing list