[Emerging-Sigs] Emerging-sigs Digest, Vol 147, Issue 3

Duane Howard duane.security at gmail.com
Mon Feb 3 14:44:35 HST 2020


Issue filed to track:
https://github.com/google/gonids/issues/125

Again, I'm rather occupied with the day job at the moment, so I'm not sure
when I'll personally have time to dig into this, but it's definitely
something I'd like to solve before too long.

On Mon, Feb 3, 2020 at 4:33 PM Tiago Faria <tiago.faria.backups at gmail.com>
wrote:

> Ah! Valid point and something I forgot to mention. We migrated to 5.x.
> That’s not something I feel confident about addressing in a PR though :)
>
> On Tue, 4 Feb 2020 at 00:12, Duane Howard <duane.security at gmail.com>
> wrote:
>
>> Glad this seems interesting to you Matthew.
>> Worth noting, for anyone that has jumped to Suricata 5.X GoNIDS does
>> *not* support parsing 5.X style signatures yet, and I'm not quite sure when
>> I'll be able to dive into this (nor do I really know how we want to
>> structure this functionality) and there are a few Snort only keywords that
>> are not supported.
>>
>> PRs, and issues always welcome!
>>
>> ./d
>>
>> On Mon, Feb 3, 2020 at 2:07 PM Matthew Clairmont (R* NYC) <
>> Matthew.Clairmont at rockstargames.com> wrote:
>>
>>> GoNIDS may have just saved me a lot of automation work. I've recently
>>> started more signature automation using Go but it was nowhere the quality
>>> (or finesse) of what GoNIDS seems to offer!
>>>
>>> -----Original Message-----
>>> From: Emerging-sigs <emerging-sigs-bounces at lists.emergingthreats.net>
>>> On Behalf Of emerging-sigs-request at lists.emergingthreats.net
>>> Sent: Monday, February 3, 2020 05:00 PM
>>> To: emerging-sigs at lists.emergingthreats.net
>>> Subject: Emerging-sigs Digest, Vol 147, Issue 3
>>>
>>> ** EXTERNAL EMAIL **
>>>
>>> Send Emerging-sigs mailing list submissions to
>>>         emerging-sigs at lists.emergingthreats.net
>>>
>>> To subscribe or unsubscribe via the World Wide Web, visit
>>>
>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.emergingthreats.net_mailman_listinfo_emerging-2Dsigs&d=DwIGaQ&c=RKDswobrOGdp5vDCbl5XjxW8HqrsRSr80dGTvu3rE9Q&r=6WrfY5KEBEPfMah_8-yqKNhrSXZ_uxnVeHHRBLiLOOQ2fd5oy_RThbD74j83K_0Q&m=hAfd55ueABKZMh15E7DCgKxcq1eJmyj7NdEfRzJ11qg&s=-Fm97yYt2QkSjrh6DdAg3B4CiE-LAro_9kj6M_k67Eo&e=
>>> or, via email, send a message with subject or body 'help' to
>>>         emerging-sigs-request at lists.emergingthreats.net
>>>
>>> You can reach the person managing the list at
>>>         emerging-sigs-owner at lists.emergingthreats.net
>>>
>>> When replying, please edit your Subject line so it is more specific than
>>> "Re: Contents of Emerging-sigs digest..."
>>>
>>>
>>> Today's Topics:
>>>
>>>    1. Re: sidmap generator (Tiago Faria)
>>>    2. Re: sidmap generator (Duane Howard)
>>>
>>>
>>> ----------------------------------------------------------------------
>>>
>>> Message: 1
>>> Date: Mon, 3 Feb 2020 19:28:02 +0000
>>> From: Tiago Faria <tiago.faria.backups at gmail.com>
>>> To: Duane Howard <duane.security at gmail.com>
>>> Cc: Jason Williams <jwilliams at emergingthreats.net>,
>>>         "emerging-sigs at emergingthreats.net"
>>>         <Emerging-sigs at emergingthreats.net>
>>> Subject: Re: [Emerging-Sigs] sidmap generator
>>> Message-ID:
>>>         <CAF8FeX-CjoFTjfCL8g=
>>> XDh83jYX69Vs79-Qf35ooUJVHTcqcdA at mail.gmail.com>
>>> Content-Type: text/plain; charset="utf-8"
>>>
>>> That's a very good idea Duane, thank you.
>>>
>>> I'll look into using gonids and report back. Since this is going into a
>>> Lambda function gonids seems like a very good fit!
>>>
>>> On Mon, Feb 3, 2020 at 7:06 PM Duane Howard <duane.security at gmail.com>
>>> wrote:
>>>
>>> > You could write a small utility using the gonids[0] parsing library.
>>> > Should roughly be something like:
>>> > ```
>>> > package main
>>> >
>>> > import "github.com/google/gonids"
>>> >
>>> > func main() {
>>> >   r, err := gonids.ParseRule(rule)
>>> >   if err != nil {
>>> >     // Handle parse error
>>> >   }
>>> >   var msgmap []string
>>> >   msgmap = append(msgmap, fmt.Sprintf("%d", r.SID))
>>> >   msgmap = append(msgmap, r.Description)
>>> >   for _, ref := range r.References {
>>> >     msgmap = append(msgmap, fmt.Sprintf("%s,%s", ref.Type, ref.Value))
>>> >   }
>>> >   fmt.Println(strings.Join(msgmap, " || ")) } ```
>>> >
>>> > [0]
>>> > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_google
>>> > _gonids&d=DwIGaQ&c=RKDswobrOGdp5vDCbl5XjxW8HqrsRSr80dGTvu3rE9Q&r=6WrfY
>>> > 5KEBEPfMah_8-yqKNhrSXZ_uxnVeHHRBLiLOOQ2fd5oy_RThbD74j83K_0Q&m=hAfd55ue
>>> > ABKZMh15E7DCgKxcq1eJmyj7NdEfRzJ11qg&s=wQeoEzkmyjFSFZWBfA9E6jNRKRO1CFaL
>>> > HufPhRq4k8g&e=
>>> >
>>> > On Mon, Feb 3, 2020 at 10:27 AM Jason Williams <
>>> > jwilliams at emergingthreats.net> wrote:
>>> >
>>> >> Tiago,
>>> >>
>>> >> create-sidmap.pl is part of the oinkmaster distribution, take a look
>>> >> there
>>> >>
>>> >> https://urldefense.proofpoint.com/v2/url?u=http-3A__oinkmaster.source
>>> >> forge.net_faq.shtml&d=DwIGaQ&c=RKDswobrOGdp5vDCbl5XjxW8HqrsRSr80dGTvu
>>> >> 3rE9Q&r=6WrfY5KEBEPfMah_8-yqKNhrSXZ_uxnVeHHRBLiLOOQ2fd5oy_RThbD74j83K
>>> >> _0Q&m=hAfd55ueABKZMh15E7DCgKxcq1eJmyj7NdEfRzJ11qg&s=Oh7MKVHlxpL6r4zqB
>>> >> V1EwncAtS-6Az0Qt-BvEag7-YE&e=
>>> >>
>>> >> HTH,
>>> >>
>>> >> Jason
>>> >>
>>> >> On Mon, Feb 3, 2020 at 11:15 AM Tiago Faria <
>>> >> tiago.faria.backups at gmail.com> wrote:
>>> >>
>>> >>> Hi list,
>>> >>>
>>> >>> I know this is a bit of a weird request but was wondering if the
>>> >>> script that generates
>>> >>>
>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__rules.emergingthreats.net_sidmap_&d=DwIGaQ&c=RKDswobrOGdp5vDCbl5XjxW8HqrsRSr80dGTvu3rE9Q&r=6WrfY5KEBEPfMah_8-yqKNhrSXZ_uxnVeHHRBLiLOOQ2fd5oy_RThbD74j83K_0Q&m=hAfd55ueABKZMh15E7DCgKxcq1eJmyj7NdEfRzJ11qg&s=d1mFDCcQMbzItmbcothW316RL4naaCLZQdJ9JgkmS-c&e=
>>> is available anywhere online? Looked on ET GH but couldn't find it.
>>> >>>
>>> >>> I would really like to create something similar for other rulesets
>>> >>> (and even combine other rulesets and provide a general sidmap;
>>> >>> easier for querying or feeding other systems) and the best I came up
>>> >>> with 'while read -r line' is far from what it should be. :)
>>> >>>
>>> >>> Perfectly understand if the ET team can't share, just thought I'd
>>> >>> ask :)
>>> >>>
>>> >>> Thank you!
>>> >>> T
>>> >>> _______________________________________________
>>> >>> Emerging-sigs mailing list
>>> >>> Emerging-sigs at lists.emergingthreats.net
>>> >>> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.emergingt
>>> >>> hreats.net_mailman_listinfo_emerging-2Dsigs&d=DwIGaQ&c=RKDswobrOGdp5
>>> >>> vDCbl5XjxW8HqrsRSr80dGTvu3rE9Q&r=6WrfY5KEBEPfMah_8-yqKNhrSXZ_uxnVeHH
>>> >>> RBLiLOOQ2fd5oy_RThbD74j83K_0Q&m=hAfd55ueABKZMh15E7DCgKxcq1eJmyj7NdEf
>>> >>> RzJ11qg&s=-Fm97yYt2QkSjrh6DdAg3B4CiE-LAro_9kj6M_k67Eo&e=
>>> >>>
>>> >>> Support Emerging Threats! Subscribe to Emerging Threats Pro
>>> >>> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.emergingthre
>>> >>> ats.net&d=DwIGaQ&c=RKDswobrOGdp5vDCbl5XjxW8HqrsRSr80dGTvu3rE9Q&r=6Wr
>>> >>> fY5KEBEPfMah_8-yqKNhrSXZ_uxnVeHHRBLiLOOQ2fd5oy_RThbD74j83K_0Q&m=hAfd
>>> >>> 55ueABKZMh15E7DCgKxcq1eJmyj7NdEfRzJ11qg&s=Fkoid9eO7S4ERnu-K0Z2VTEphQ
>>> >>> hpXDdKtfo4TDzNGMU&e=
>>> >>>
>>> >>> _______________________________________________
>>> >> Emerging-sigs mailing list
>>> >> Emerging-sigs at lists.emergingthreats.net
>>> >> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.emergingth
>>> >> reats.net_mailman_listinfo_emerging-2Dsigs&d=DwIGaQ&c=RKDswobrOGdp5vD
>>> >> Cbl5XjxW8HqrsRSr80dGTvu3rE9Q&r=6WrfY5KEBEPfMah_8-yqKNhrSXZ_uxnVeHHRBL
>>> >> iLOOQ2fd5oy_RThbD74j83K_0Q&m=hAfd55ueABKZMh15E7DCgKxcq1eJmyj7NdEfRzJ1
>>> >> 1qg&s=-Fm97yYt2QkSjrh6DdAg3B4CiE-LAro_9kj6M_k67Eo&e=
>>> >>
>>> >> Support Emerging Threats! Subscribe to Emerging Threats Pro
>>> >> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.emergingthrea
>>> >> ts.net&d=DwIGaQ&c=RKDswobrOGdp5vDCbl5XjxW8HqrsRSr80dGTvu3rE9Q&r=6WrfY
>>> >> 5KEBEPfMah_8-yqKNhrSXZ_uxnVeHHRBLiLOOQ2fd5oy_RThbD74j83K_0Q&m=hAfd55u
>>> >> eABKZMh15E7DCgKxcq1eJmyj7NdEfRzJ11qg&s=Fkoid9eO7S4ERnu-K0Z2VTEphQhpXD
>>> >> dKtfo4TDzNGMU&e=
>>> >>
>>> >>
>>> -------------- next part --------------
>>> An HTML attachment was scrubbed...
>>> URL: <
>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.emergingthreats.net_pipermail_emerging-2Dsigs_attachments_20200203_462006d1_attachment-2D0001.html&d=DwIGaQ&c=RKDswobrOGdp5vDCbl5XjxW8HqrsRSr80dGTvu3rE9Q&r=6WrfY5KEBEPfMah_8-yqKNhrSXZ_uxnVeHHRBLiLOOQ2fd5oy_RThbD74j83K_0Q&m=hAfd55ueABKZMh15E7DCgKxcq1eJmyj7NdEfRzJ11qg&s=GmnrEa6NYm8ejb6KbL-HqiLcnIPhy0_tJyNB2tWEXdc&e=
>>> >
>>>
>>> ------------------------------
>>>
>>> Message: 2
>>> Date: Mon, 3 Feb 2020 13:58:05 -0800
>>> From: Duane Howard <duane.security at gmail.com>
>>> To: Tiago Faria <tiago.faria.backups at gmail.com>
>>> Cc: Jason Williams <jwilliams at emergingthreats.net>,
>>>         "emerging-sigs at emergingthreats.net"
>>>         <Emerging-sigs at emergingthreats.net>
>>> Subject: Re: [Emerging-Sigs] sidmap generator
>>> Message-ID:
>>>         <CAH9u3cuSyqDr9h+skg85iNn3hm5N2+gTJD=
>>> BiTmTaw4H26r6iw at mail.gmail.com>
>>> Content-Type: text/plain; charset="utf-8"
>>>
>>> Tiago, I've filed an issue[0] in the project to make this functionality
>>> a bit more supported by the library itself. I'll try to hammer this out
>>> when I have some spare time, PR's are welcome.
>>>
>>> [0]
>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_google_gonids_issues_124&d=DwIGaQ&c=RKDswobrOGdp5vDCbl5XjxW8HqrsRSr80dGTvu3rE9Q&r=6WrfY5KEBEPfMah_8-yqKNhrSXZ_uxnVeHHRBLiLOOQ2fd5oy_RThbD74j83K_0Q&m=hAfd55ueABKZMh15E7DCgKxcq1eJmyj7NdEfRzJ11qg&s=_sY24cmDZercWOe_dy5R8d0sCvY1cFjS_ThYH3p9pzs&e=
>>>
>>> On Mon, Feb 3, 2020 at 11:28 AM Tiago Faria <
>>> tiago.faria.backups at gmail.com>
>>> wrote:
>>>
>>> > That's a very good idea Duane, thank you.
>>> >
>>> > I'll look into using gonids and report back. Since this is going into
>>> > a Lambda function gonids seems like a very good fit!
>>> >
>>> > On Mon, Feb 3, 2020 at 7:06 PM Duane Howard <duane.security at gmail.com>
>>> > wrote:
>>> >
>>> >> You could write a small utility using the gonids[0] parsing library.
>>> >> Should roughly be something like:
>>> >> ```
>>> >> package main
>>> >>
>>> >> import "github.com/google/gonids"
>>> >>
>>> >> func main() {
>>> >>   r, err := gonids.ParseRule(rule)
>>> >>   if err != nil {
>>> >>     // Handle parse error
>>> >>   }
>>> >>   var msgmap []string
>>> >>   msgmap = append(msgmap, fmt.Sprintf("%d", r.SID))
>>> >>   msgmap = append(msgmap, r.Description)
>>> >>   for _, ref := range r.References {
>>> >>     msgmap = append(msgmap, fmt.Sprintf("%s,%s", ref.Type, ref.Value))
>>> >>   }
>>> >>   fmt.Println(strings.Join(msgmap, " || ")) } ```
>>> >>
>>> >> [0]
>>> >> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_googl
>>> >> e_gonids&d=DwIGaQ&c=RKDswobrOGdp5vDCbl5XjxW8HqrsRSr80dGTvu3rE9Q&r=6Wr
>>> >> fY5KEBEPfMah_8-yqKNhrSXZ_uxnVeHHRBLiLOOQ2fd5oy_RThbD74j83K_0Q&m=hAfd5
>>> >> 5ueABKZMh15E7DCgKxcq1eJmyj7NdEfRzJ11qg&s=wQeoEzkmyjFSFZWBfA9E6jNRKRO1
>>> >> CFaLHufPhRq4k8g&e=
>>> >>
>>> >> On Mon, Feb 3, 2020 at 10:27 AM Jason Williams <
>>> >> jwilliams at emergingthreats.net> wrote:
>>> >>
>>> >>> Tiago,
>>> >>>
>>> >>> create-sidmap.pl is part of the oinkmaster distribution, take a
>>> look
>>> >>> there
>>> >>>
>>> >>> https://urldefense.proofpoint.com/v2/url?u=http-3A__oinkmaster.sourc
>>> >>> eforge.net_faq.shtml&d=DwIGaQ&c=RKDswobrOGdp5vDCbl5XjxW8HqrsRSr80dGT
>>> >>> vu3rE9Q&r=6WrfY5KEBEPfMah_8-yqKNhrSXZ_uxnVeHHRBLiLOOQ2fd5oy_RThbD74j
>>> >>> 83K_0Q&m=hAfd55ueABKZMh15E7DCgKxcq1eJmyj7NdEfRzJ11qg&s=Oh7MKVHlxpL6r
>>> >>> 4zqBV1EwncAtS-6Az0Qt-BvEag7-YE&e=
>>> >>>
>>> >>> HTH,
>>> >>>
>>> >>> Jason
>>> >>>
>>> >>> On Mon, Feb 3, 2020 at 11:15 AM Tiago Faria <
>>> >>> tiago.faria.backups at gmail.com> wrote:
>>> >>>
>>> >>>> Hi list,
>>> >>>>
>>> >>>> I know this is a bit of a weird request but was wondering if the
>>> >>>> script that generates
>>> >>>>
>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__rules.emergingthreats.net_sidmap_&d=DwIGaQ&c=RKDswobrOGdp5vDCbl5XjxW8HqrsRSr80dGTvu3rE9Q&r=6WrfY5KEBEPfMah_8-yqKNhrSXZ_uxnVeHHRBLiLOOQ2fd5oy_RThbD74j83K_0Q&m=hAfd55ueABKZMh15E7DCgKxcq1eJmyj7NdEfRzJ11qg&s=d1mFDCcQMbzItmbcothW316RL4naaCLZQdJ9JgkmS-c&e=
>>> is available anywhere online? Looked on ET GH but couldn't find it.
>>> >>>>
>>> >>>> I would really like to create something similar for other rulesets
>>> >>>> (and even combine other rulesets and provide a general sidmap;
>>> >>>> easier for querying or feeding other systems) and the best I came
>>> >>>> up with 'while read -r line' is far from what it should be. :)
>>> >>>>
>>> >>>> Perfectly understand if the ET team can't share, just thought I'd
>>> >>>> ask :)
>>> >>>>
>>> >>>> Thank you!
>>> >>>> T
>>> >>>> _______________________________________________
>>> >>>> Emerging-sigs mailing list
>>> >>>> Emerging-sigs at lists.emergingthreats.net
>>> >>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.emerging
>>> >>>> threats.net_mailman_listinfo_emerging-2Dsigs&d=DwIGaQ&c=RKDswobrOGd
>>> >>>> p5vDCbl5XjxW8HqrsRSr80dGTvu3rE9Q&r=6WrfY5KEBEPfMah_8-yqKNhrSXZ_uxnV
>>> >>>> eHHRBLiLOOQ2fd5oy_RThbD74j83K_0Q&m=hAfd55ueABKZMh15E7DCgKxcq1eJmyj7
>>> >>>> NdEfRzJ11qg&s=-Fm97yYt2QkSjrh6DdAg3B4CiE-LAro_9kj6M_k67Eo&e=
>>> >>>>
>>> >>>> Support Emerging Threats! Subscribe to Emerging Threats Pro
>>> >>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.emergingthr
>>> >>>> eats.net&d=DwIGaQ&c=RKDswobrOGdp5vDCbl5XjxW8HqrsRSr80dGTvu3rE9Q&r=6
>>> >>>> WrfY5KEBEPfMah_8-yqKNhrSXZ_uxnVeHHRBLiLOOQ2fd5oy_RThbD74j83K_0Q&m=h
>>> >>>> Afd55ueABKZMh15E7DCgKxcq1eJmyj7NdEfRzJ11qg&s=Fkoid9eO7S4ERnu-K0Z2VT
>>> >>>> EphQhpXDdKtfo4TDzNGMU&e=
>>> >>>>
>>> >>>> _______________________________________________
>>> >>> Emerging-sigs mailing list
>>> >>> Emerging-sigs at lists.emergingthreats.net
>>> >>> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.emergingt
>>> >>> hreats.net_mailman_listinfo_emerging-2Dsigs&d=DwIGaQ&c=RKDswobrOGdp5
>>> >>> vDCbl5XjxW8HqrsRSr80dGTvu3rE9Q&r=6WrfY5KEBEPfMah_8-yqKNhrSXZ_uxnVeHH
>>> >>> RBLiLOOQ2fd5oy_RThbD74j83K_0Q&m=hAfd55ueABKZMh15E7DCgKxcq1eJmyj7NdEf
>>> >>> RzJ11qg&s=-Fm97yYt2QkSjrh6DdAg3B4CiE-LAro_9kj6M_k67Eo&e=
>>> >>>
>>> >>> Support Emerging Threats! Subscribe to Emerging Threats Pro
>>> >>> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.emergingthre
>>> >>> ats.net&d=DwIGaQ&c=RKDswobrOGdp5vDCbl5XjxW8HqrsRSr80dGTvu3rE9Q&r=6Wr
>>> >>> fY5KEBEPfMah_8-yqKNhrSXZ_uxnVeHHRBLiLOOQ2fd5oy_RThbD74j83K_0Q&m=hAfd
>>> >>> 55ueABKZMh15E7DCgKxcq1eJmyj7NdEfRzJ11qg&s=Fkoid9eO7S4ERnu-K0Z2VTEphQ
>>> >>> hpXDdKtfo4TDzNGMU&e=
>>> >>>
>>> >>>
>>> -------------- next part --------------
>>> An HTML attachment was scrubbed...
>>> URL: <
>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.emergingthreats.net_pipermail_emerging-2Dsigs_attachments_20200203_af80be46_attachment-2D0001.html&d=DwIGaQ&c=RKDswobrOGdp5vDCbl5XjxW8HqrsRSr80dGTvu3rE9Q&r=6WrfY5KEBEPfMah_8-yqKNhrSXZ_uxnVeHHRBLiLOOQ2fd5oy_RThbD74j83K_0Q&m=hAfd55ueABKZMh15E7DCgKxcq1eJmyj7NdEfRzJ11qg&s=YZeGkvF9RFVojsmhvpQLWlmPpwtn-t-mzEurRfj7B74&e=
>>> >
>>>
>>> ------------------------------
>>>
>>> Subject: Digest Footer
>>>
>>> _______________________________________________
>>> Emerging-sigs mailing list
>>> Emerging-sigs at lists.emergingthreats.net
>>>
>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.emergingthreats.net_mailman_listinfo_emerging-2Dsigs&d=DwIGaQ&c=RKDswobrOGdp5vDCbl5XjxW8HqrsRSr80dGTvu3rE9Q&r=6WrfY5KEBEPfMah_8-yqKNhrSXZ_uxnVeHHRBLiLOOQ2fd5oy_RThbD74j83K_0Q&m=hAfd55ueABKZMh15E7DCgKxcq1eJmyj7NdEfRzJ11qg&s=-Fm97yYt2QkSjrh6DdAg3B4CiE-LAro_9kj6M_k67Eo&e=
>>>
>>>
>>> ------------------------------
>>>
>>> End of Emerging-sigs Digest, Vol 147, Issue 3
>>> *********************************************
>>> _______________________________________________
>>> Emerging-sigs mailing list
>>> Emerging-sigs at lists.emergingthreats.net
>>> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>>>
>>> Support Emerging Threats! Subscribe to Emerging Threats Pro
>>> http://www.emergingthreats.net
>>>
>>> _______________________________________________
>> Emerging-sigs mailing list
>> Emerging-sigs at lists.emergingthreats.net
>> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>>
>> Support Emerging Threats! Subscribe to Emerging Threats Pro
>> http://www.emergingthreats.net
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20200203/41f82603/attachment-0001.html>


More information about the Emerging-sigs mailing list