[Oisf-users] Errors in rules after moving to 4.1.4

Travis Green travis at travisgreen.net
Mon May 20 15:41:55 UTC 2019


Russell, might want to check up on whether etpro-info.rules is enabled in
your config, that's where "2017748 - ET INFO Java Downloading Archive
flowbit no alert" lives.

On Sun, May 19, 2019 at 3:34 PM Russell Fulton <r.fulton at auckland.ac.nz>
wrote:

> I recently moved to suricata 4.1.4 (from 4.0.4) and I now get a heap of
> errors like this:
>
> 2019 May 20 06:42:11 +12:00 secmonprd11: suricata: '[22157] <Warning> --
> [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.JavaArchiveOrClass' is
> checked but not set. Checked in 2017756 and 15 other sigs’
>
> Spot checking the tarball rules, it is quite correct: there are no rules
> that set that flowbit.  I am using the 4.1.4 version of the ETPro rules.
>
> Any ideas what is going on?
>
> Using suricata-update 1.0.5 (upgraded at the same time from 1.0).
>
> Russell



-- 
PGP: ABE625E6
keybase.io/travisbgreen
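
The situation in this thread (a flowbit checked by enabled rules while the only rule that sets it is disabled or not loaded) can be checked offline against the rule files. The following is an added example, not part of the original messages and not code from Suricata or suricata-update; the sample rules, sids and file names are constructed, and treating `set` and `toggle` as the setting operations is this example's assumption.

```python
import re
from collections import defaultdict

# Constructed sample rule files (not real ET/ETPro rules; sids and names are made up).
# A leading "#" marks a disabled rule, the way a disabled rule appears in a rule file.
SAMPLE = {
    "constructed-enabled.rules": (
        'alert http any any -> any any (msg:"constructed checker"; '
        'flowbits:isset,et.JavaArchiveOrClass; sid:9000002; rev:1;)\n'
    ),
    "constructed-info.rules": (
        '# alert http any any -> any any (msg:"constructed setter"; '
        'flowbits:set,et.JavaArchiveOrClass; flowbits:noalert; sid:9000001; rev:1;)\n'
    ),
}

RULE = re.compile(r'^(?P<off>#\s*)?(?:alert|drop|pass|reject)\s.*\(.*\)\s*$')
FLOWBIT = re.compile(r'flowbits\s*:\s*(\w+)\s*,\s*([^;]+);')  # skips flowbits:noalert
SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def audit(files):
    """Map each flowbit that enabled rules check but no enabled rule sets to
    the checking sids and any disabled rules that would set it."""
    set_on, set_off, checked = defaultdict(list), defaultdict(list), defaultdict(list)
    for fname, text in files.items():
        for line in text.splitlines():
            m, sid = RULE.match(line.strip()), SID.search(line)
            if not m or not sid:
                continue  # plain comment, blank line, or not a rule
            disabled = bool(m.group("off"))
            for op, names in FLOWBIT.findall(line):
                for name in (n.strip() for n in names.split("|")):
                    if op in ("set", "toggle"):
                        target = set_off if disabled else set_on
                        target[name].append((fname, int(sid.group(1))))
                    elif op in ("isset", "isnotset") and not disabled:
                        checked[name].append(int(sid.group(1)))
    return {name: {"checked": sids, "disabled_setters": set_off.get(name, [])}
            for name, sids in checked.items() if name not in set_on}

if __name__ == "__main__":
    for bit, info in audit(SAMPLE).items():
        print(f"flowbit {bit!r} checked in {info['checked']} but not set; "
              f"disabled setters: {info['disabled_setters']}")
```

A non-empty `disabled_setters` list points at the rule file to enable; an empty one means no rule that sets the flowbit is present in the files scanned.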