[Emerging-Sigs] Revision history on 2022775 - "ET TROJAN BLEXBot User-Agent"

Jason Williams jwilliams at emergingthreats.net
Thu Oct 10 10:14:07 HDT 2019


Eric,

That rule will be moved back to USER_AGENTS in the push today, lotta rules
moving around right now.

In regards to the doc being out of date, yea that is unusual to me and I
will get that looked at. Other rules seem to be getting updated >
https://doc.emergingthreats.net/bin/view/Main/RuleChanges

I don't believe our backend will bump the rev or updated_at date unless
there were actual changes to the rule content. We haven't had a discussion
about this in a long time internally, maybe this might be something we want
to change to more accurately reflect edits to the rulesets.

Thanks for bringing this up, good points!

Jason

On Thu, Oct 10, 2019 at 8:33 AM Eric Urban <eurban at umn.edu> wrote:

> We are using the Suricata 4.0 rules and recently we noticed that 2022775 -
> "ET TROJAN BLEXBot User-Agent" was re-categorized as a TROJAN.  It used to
> be in the USER_AGENT category.
>
> The docs site entry at
> https://doc.emergingthreats.net/bin/view/Main/2022775 for this rule still
> lists it as USER_AGENTS so appears to be out-of-date.  Is it unusual for
> this to fall behind from the released version?  I have not seen this before
> so wanted to ask for information on how this site is updated.
>
> Also, the rev is still at a 2 on this rule and the metadata for the
> updated date has not changed.  Do category changes not typically get a new
> revision or was this overlooked?
>
> Thank you,
> Eric
>
> --
> Eric Urban
> University Information Security | Office of Information Technology |
> it.umn.edu
> University of Minnesota | umn.edu
> eurban at umn.edu
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20191010/90ae5d5d/attachment.html>


More information about the Emerging-sigs mailing list