On Fri, Nov 30, 2018 at 03:48:47PM +0000, you wrote: > As so many of the abuse.ch rules are included in the Emerging Threats open ruleset is there a reason to add these separate rulesets from abuse.ch directly? Better coverage, but the cost of actually checking all those tls fingerprint sigs is massive--they're much, much less efficient.