[Emerging-updates] Suricata 4.0 rule fork

Francis Trudeau ftrudeau at emergingthreats.net
Mon Nov 27 12:38:26 EST 2017


The new Suricata 4.0 rules have been live on the production servers
since Thanksgiving.  Sorry for the notification delay, we wanted to
see what happened over the US holiday weekend, and everything looks
good.

Please use the version number of your engine in the URL you use to
retrieve the set.  We changed how it works now, and some paths that
worked before will no longer work.  This was done to ensure people got
the right set for their engine.  Please check your sensors and make
sure everything is updating correctly.

The new system expects a version in the URL.  For the Pro set:

https://rules.emergingthreatspro.com/$oinkcode/suricata-$version/etpro.rules.tar.gz

or

https://rules.emergingthreatspro.com/$oinkcode/snort-$version/etpro.rules.tar.gz

In this case '$version' and '$oinkcode' above are customer supplied.
$version == the version of your Suricata or Snort IDS and $oinkcode ==
your oinkcode.

For example, if running Suricata 4.0.1:

https://rules.emergingthreatspro.com/$oinkcode/suricata-4.0.1/etpro.rules.tar.gz

If running Snort 2.9.7.0:

https://rules.emergingthreatspro.com/$oinkcode/snort-2.9.7.0/etpro.rules.tar.gz


Open signatures are similar:

https://rules.emergingthreatspro.com/open/suricata-$version/

and

https://rules.emergingthreatspro.com/open/snort-$version/

Examples from above:

If running Suricata 4.0.1:

https://rules.emergingthreatspro.com/open/suricata-4.0.1/emerging.rules.tar.gz

If running Snort 2.9.7.0:

https://rules.emergingthreatspro.com/open/snort-2.9.7.0/emerging.rules.tar.gz


Please let us know if anyone has any questions.


Thanks,

Francis
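
An added example, not part of the original post and not Emerging Threats' own tooling: a shell sketch that derives the engine version from a version banner and builds the versioned URL described above, refusing to emit a URL when the version or oinkcode is malformed. The function names, the banner strings used to exercise it, and the alphanumeric-only oinkcode check are assumptions.

```shell
#!/bin/sh
# Added example: build the versioned ET rule URL for a sensor.
# Function names are hypothetical. On a real sensor the banner would come
# from `suricata -V` or `snort -V 2>&1`.

BASE="https://rules.emergingthreatspro.com"

# engine_version <banner>: print the first dotted version number found.
engine_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# rule_url <engine> <version> [oinkcode]
# With no oinkcode the open set URL is printed; with one, the Pro set URL.
rule_url() {
    engine=$1 version=$2 oinkcode=${3:-}
    case $engine in
        suricata|snort) ;;
        *) echo "unknown engine: $engine" >&2; return 1 ;;
    esac
    # Only a plain dotted version is accepted, so an empty or malformed
    # value never produces a path the server will not recognise.
    if ! printf '%s' "$version" | grep -Eq '^[0-9]+(\.[0-9]+)+$'; then
        echo "bad version: '$version'" >&2; return 1
    fi
    if [ -n "$oinkcode" ]; then
        # Assumption: oinkcodes are alphanumeric. Rejecting anything else
        # keeps stray slashes or whitespace out of the URL path.
        case $oinkcode in
            *[!A-Za-z0-9]*) echo "bad oinkcode" >&2; return 1 ;;
        esac
        printf '%s/%s/%s-%s/etpro.rules.tar.gz\n' \
            "$BASE" "$oinkcode" "$engine" "$version"
    else
        printf '%s/open/%s-%s/emerging.rules.tar.gz\n' \
            "$BASE" "$engine" "$version"
    fi
}
```

Because the oinkcode is a credential embedded in the URL path, keep the generated Pro URL out of shared logs and world-readable cron files.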

