[prev in list] [next in list] [prev in thread] [next in thread]
List: emerging-updates
Subject: Re: [Emerging-updates] [Etpro-sigs] Suricata rules server change
From: Will Metcalf <wmetcalf () emergingthreatspro ! com>
Date: 2016-03-29 14:44:05
Message-ID: CAKrkXrNWjKntn-RaOuLKysWtCcN2cqbhech6MXPOrWFDxNZ3Fw () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Nope. You can continue to use your engine version and get the correct
ruleset for your engine. We had a lot of folks pointing at "/suricata/"
and getting a pre-1.3 ruleset even if using 3.0 or whatever.
Regards,
Will
On Tue, Mar 29, 2016 at 9:41 AM, Michal Purzynski <michal@mozilla.com>
wrote:
> Let's clarify something. My PP fetches files from
>
> https://rules.emergingthreatspro.com/<oinkcode>/suricata-2.1.0/etpro.rules.tar.gz.md5
> ==> 200 OK
>
> For suricata 3.x. I've patched it with a piece of code received from ET.
> Is there anything from me to change?
>
>
> On Tue, Mar 29, 2016 at 12:49 AM, Francis Trudeau <
> ftrudeau@emergingthreats.net> wrote:
>
>> All,
>>
>> Emerging Threats / Proofpoint will be making a change to our rules
>> download servers regarding Suricata versions. This change will happen
>> after 8PM Eastern, on Sunday, 2016/04/03. This will affect OPEN and PRO
>> rulesets.
>>
>> Currently, the link below will download Suricata rules designed for older
>> versions of Suricata (1.0 through 1.2.x):
>>
>> https://rules.emergingthreats.net/open/suricata/
>> https://rules.emergingthreatspro.com/oinkcode/suricata/
>>
>> Those links will direct to suricata-1.3 rules after this change.
>>
>> After this change, to access the older Suricata signatures, they will be
>> here:
>>
>> https://rules.emergingthreats.net/open/suricata-1.0/
>> https://rules.emergingthreatspro.com/oinkcode/suricata-1.0/
>>
>> One reason for this change is that most people run newer versions of
>> Suricata, and are not aware they are downloading the incorrect rules for
>> Suricata 1.3 - 3.x.
>>
>> The second reason for this change is we plan on sun-setting the older
>> Suricata rules in the future.
>>
>> Please don't hesitate to ask any questions. Please keep questions on
>> list if possible.
>>
>>
>> Thanks,
>>
>> Francis
>>
>> _______________________________________________
>> Etpro-sigs mailing list
>> Etpro-sigs@lists.emergingthreats.net
>> https://lists.emergingthreats.net/mailman/listinfo/etpro-sigs
>>
>>
>
> _______________________________________________
> Etpro-sigs mailing list
> Etpro-sigs@lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/etpro-sigs
>
>
[Attachment #5 (text/html)]
<div dir="ltr">Nope. You can continue to use your engine version and get the correct \
ruleset for your engine. We had a lot of folks pointing at "/suricata/" \
and getting a pre-1.3 ruleset even if using 3.0 or \
whatever.<div><br></div><div>Regards,</div><div><br></div><div>Will</div></div><div \
class="gmail_extra"><br><div class="gmail_quote">On Tue, Mar 29, 2016 at 9:41 AM, \
Michal Purzynski <span dir="ltr"><<a href="mailto:michal@mozilla.com" \
target="_blank">michal@mozilla.com</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr"><div>Let's clarify something. My PP \
fetches files from<br><br> <a href="https://rules.emergingthreatspro.com/" \
target="_blank">https://rules.emergingthreatspro.com/</a><oinkcode>/suricata-2.1.0/etpro.rules.tar.gz.md5 \
==> 200 OK<br><br></div>For suricata 3.x. I've patched it with a piece of code \
received from ET. Is there anything from me to change?<br><br></div><div \
class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Tue, Mar 29, \
2016 at 12:49 AM, Francis Trudeau <span dir="ltr"><<a \
href="mailto:ftrudeau@emergingthreats.net" \
target="_blank">ftrudeau@emergingthreats.net</a>></span> \
wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div \
dir="ltr"><div>All,</div><div><br></div><div>Emerging Threats / Proofpoint will be \
making a change to our rules download servers regarding Suricata versions. This \
change will happen after 8PM Eastern, on Sunday, 2016/04/03. This will affect OPEN \
and PRO rulesets.</div><div><br></div><div>Currently, the link below will download \
Suricata rules designed for older versions of Suricata (1.0 through \
1.2.x):</div><div><br></div><div><a \
href="https://rules.emergingthreats.net/open/suricata/" \
target="_blank">https://rules.emergingthreats.net/open/suricata/</a></div><div><a \
href="https://rules.emergingthreatspro.com/oinkcode/suricata/" \
target="_blank">https://rules.emergingthreatspro.com/oinkcode/suricata/</a></div><div><br></div><div>Those \
links will direct to suricata-1.3 rules after this \
change.</div><div><br></div><div>After this change, to access the older Suricata \
signatures, they will be here:</div><div><br></div><div><a \
href="https://rules.emergingthreats.net/open/suricata-1.0/" \
target="_blank">https://rules.emergingthreats.net/open/suricata-1.0/</a></div><div><a \
href="https://rules.emergingthreatspro.com/oinkcode/suricata-1.0/" \
target="_blank">https://rules.emergingthreatspro.com/oinkcode/suricata-1.0/</a></div><div><br></div><div>One \
reason for this change is that most people run newer versions of Suricata, and are \
not aware they are downloading the incorrect rules for Suricata 1.3 - \
3.x.</div><div><br></div><div>The second reason for this change is we plan on \
sun-setting the older Suricata rules in the future.</div><div><br></div><div>Please \
don't hesitate to ask any questions. Please keep questions on list if \
possible.</div><div><br></div><div><br></div><div>Thanks,</div><div><br></div><div>Francis</div></div>
<br></div></div><span class="">_______________________________________________<br>
Etpro-sigs mailing list<br>
<a href="mailto:Etpro-sigs@lists.emergingthreats.net" \
target="_blank">Etpro-sigs@lists.emergingthreats.net</a><br> <a \
href="https://lists.emergingthreats.net/mailman/listinfo/etpro-sigs" rel="noreferrer" \
target="_blank">https://lists.emergingthreats.net/mailman/listinfo/etpro-sigs</a><br> \
<br></span></blockquote></div><br></div> \
<br>_______________________________________________<br> Etpro-sigs mailing list<br>
<a href="mailto:Etpro-sigs@lists.emergingthreats.net">Etpro-sigs@lists.emergingthreats.net</a><br>
<a href="https://lists.emergingthreats.net/mailman/listinfo/etpro-sigs" \
rel="noreferrer" target="_blank">https://lists.emergingthreats.net/mailman/listinfo/etpro-sigs</a><br>
<br></blockquote></div><br></div>
_______________________________________________
Emerging-updates mailing list
Emerging-updates@lists.emergingthreats.net
https://lists.emergingthreats.net/mailman/listinfo/emerging-updates
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic