[Emerging-Sigs] The New Rulesets are Ready!!

Weir, Jason jason.weir at nhrs.org
Wed Oct 13 08:37:39 EDT 2010


Maybe I'm missing something...

If I use the open-nongpl + vrt free rulesets then I won't get the updated
GPL rules from you guys.. 

To get the updated GPL rules I will need to skip the VRT free rules
which means missing out on a bunch of rules there.

I was trying to come up with a way to have the best of both worlds and
use the VRT free rules but also get the updated GPL rules from ET.

What's your reason behind not changing the SIDs?  

I'm lobbying for SID changes because I could then use oinkmaster to
disable the VRT GPL rules and have my cake and eat it too..

But I know it's not your job to ensure compatibility between VRT &

If anybody has another option I'm missing - please let me know.. 


-----Original Message-----
From: Matthew Jonkman [mailto:jonkman at emergingthreatspro.com] 
Sent: Tuesday, October 12, 2010 6:34 PM
To: Weir, Jason
Cc: Emerging Threats Threats emerging-sigs at emergingthreats.net
Subject: Re: [Emerging-Sigs] The New Rulesets are Ready!!

On Oct 11, 2010, at 8:43 AM, Weir, Jason wrote:

> Thanks Matt (and ET team), Awesome job!!!
> Quick question.
> Going forward will you be updating the GPL rules? Will they get new 
> SIDs?

No, we won't re-sid them. But they will be updated. There are some
SERIOUS performance hogs, we're fixing as we can. 

> Reason I ask is I run the VRT free rules as well as the ET open rules.
> The problem is the 409 overlaps you describe below
> With oinkmaster I can't figure out how to disable the GPL rules from 
> VRT (by sid) without disabling the same SIDs in the ET rules.

I imagine you've seen by now (I'm late in replying), but I put up a
tarball that'll not have the gpl sigs. open-nogpl. 

Have you tried that one, and if so is it solving the problem?



> Any ideas?
> -Jason


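An added example, not part of the original thread and not oinkmaster or Emerging Threats code: since the overlapping GPL rules carry the same SIDs in both rulesets, a disable keyed on SID hits both copies, so one alternative is to merge the two sets on SID before loading and keep whichever copy has the higher rev. It assumes one rule per line with `sid` and `rev` options; the sample rules, SIDs and function names are constructed for illustration.

```python
import re

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")

# Constructed sample rules; not real VRT or ET signatures.
VRT_FREE = '''\
alert tcp any any -> any 80 (msg:"GPL sample A"; content:"a"; sid:1001; rev:3;)
alert tcp any any -> any 21 (msg:"GPL sample B"; content:"b"; sid:1002; rev:5;)
alert tcp any any -> any 25 (msg:"VRT-only sample"; content:"v"; sid:15000; rev:1;)
'''
ET_OPEN = '''\
alert tcp any any -> any 80 (msg:"GPL sample A"; content:"a"; fast_pattern; sid:1001; rev:4;)
alert tcp any any -> any 21 (msg:"GPL sample B"; content:"b"; sid:1002; rev:5;)
# alert tcp any any -> any 53 (msg:"ET-only sample, disabled"; sid:2000001; rev:2;)
'''

def parse_rules(text):
    """Map sid -> (rev, line) for every enabled rule, one rule per line."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # blank, comment or disabled rule
            continue
        sid = SID_RE.search(line)
        if not sid:
            continue
        rev = REV_RE.search(line)
        rules[int(sid.group(1))] = (int(rev.group(1)) if rev else 0, line)
    return rules

def overlapping_sids(a, b):
    """SIDs present in both rulesets; a SID-based disable cannot tell them apart."""
    return sorted(set(a) & set(b))

def merge_keep_newest(preferred, other):
    """Union of both rulesets, one rule per SID: higher rev wins, ties go to preferred."""
    merged = dict(other)
    for sid, (rev, line) in preferred.items():
        if sid not in merged or rev >= merged[sid][0]:
            merged[sid] = (rev, line)
    return merged

if __name__ == "__main__":
    vrt, et = parse_rules(VRT_FREE), parse_rules(ET_OPEN)
    print("overlapping SIDs:", overlapping_sids(vrt, et))
    for sid, (rev, line) in sorted(merge_keep_newest(et, vrt).items()):
        print(f"{sid} rev {rev}: {line}")
```
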