[Emerging-Sigs] [Etpro-sigs] Daily Ruleset Update Summary 2020/02/27

Brandon Murphy bmurphy at emergingthreats.net
Fri Feb 28 05:59:22 HST 2020


Hey Pietro!

I can see how this last week might have caused some problems there.
Moving forward we can try to manually defang those as needed.

We should be done with the bulk disables for awhile, but we will make
best effort to ensure this isn't a problem in the future.

Hope you have a great weekend!

-Brandon



On 02/28/20 03:23, Pietro Delsante wrote:
> Would it be possible to always obfuscate any IP address or domain name
> before sending out the message (or even when assigning new signature
> names)?
>
> For example, if you look at today's disabled rules, all domains
> related to Cerber (e.g. 2820854) are correctly obfuscated with a
> whitespace between first and second level, while the ones regarding
> phishing landing (e.g. 2820854) are unobfuscated.
>
> Kind regards,
> Pietro



More information about the Emerging-sigs mailing list