ET POLICY category is missing
-
Hi All,
Have you noticed that the latest ET Open ruleset for Suricata 7.0.4 (2024/06/17, v10619) is incomplete?
https://rules.emergingthreats.net/open/suricata-7.0.1/emerging.rules.tar.gz
https://rules.emergingthreats.net/open/suricata-7.0.4/emerging.rules.tar.gz
The version for 7.0.4 doesn't have the emerging-policy.rules file at all, while the older one does.
Does anyone know what is going on?
Thanks,
Robert
-
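The comparison Robert did by hand (which category files are in one ET Open tarball but not the other) can be scripted. The following is an added example, not code from the thread or from Emerging Threats; it constructs two small placeholder tarballs inline so it runs offline, and the real tarball URLs appear only in a comment. Point `missing_categories` at two downloaded `emerging.rules.tar.gz` files to run it against real data.

```shell
#!/bin/sh
# Added example: compare the rule category files (rules/emerging-<category>.rules)
# shipped in two ET Open tarballs and report categories the second one lacks.
# Real inputs would be downloads of, for example:
#   https://rules.emergingthreats.net/open/suricata-7.0.1/emerging.rules.tar.gz
#   https://rules.emergingthreats.net/open/suricata-7.0.4/emerging.rules.tar.gz
# The tarballs built below are constructed placeholders, not real rule files.
set -eu

# rule_categories TARBALL -> sorted list of category names found in the archive
rule_categories() {
    tar -tzf "$1" | sed -n 's#.*/emerging-\(.*\)\.rules$#\1#p' | sort -u
}

# missing_categories OLD_TARBALL NEW_TARBALL -> categories present in OLD but absent from NEW
# (temp files instead of process substitution so this stays POSIX sh)
missing_categories() {
    old_list=$(mktemp); new_list=$(mktemp)
    rule_categories "$1" > "$old_list"
    rule_categories "$2" > "$new_list"
    comm -23 "$old_list" "$new_list"
    rm -f "$old_list" "$new_list"
}

# build_sample_tarball OUT CATEGORY... -> constructed tarball with one placeholder
# rules file per category, mirroring the rules/emerging-<category>.rules layout
build_sample_tarball() {
    out=$1; shift
    dir=$(mktemp -d)
    mkdir "$dir/rules"
    for category in "$@"; do
        printf '# constructed placeholder for emerging-%s.rules\n' "$category" \
            > "$dir/rules/emerging-$category.rules"
    done
    tar -czf "$out" -C "$dir" rules
    rm -rf "$dir"
}

# Constructed sample data: the "old" package has a policy category, the "new" one does not.
OLD_TGZ=$(mktemp); build_sample_tarball "$OLD_TGZ" policy malware scan
NEW_TGZ=$(mktemp); build_sample_tarball "$NEW_TGZ" malware scan

echo "Categories in $OLD_TGZ but not in $NEW_TGZ:"
missing_categories "$OLD_TGZ" "$NEW_TGZ"
```

The same two functions work unchanged on downloaded tarballs; `rule_categories` alone is a quick way to see exactly which `emerging-*.rules` files a given package ships before pfSense's Suricata package tries to enable them.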
Could just be a temporary glitch on the ET rules website. Usually they only make major rules changes for Suricata when new major versions of Suricata release (so, for example, maybe a big architecture change for Suricata 6.x and then later for 7.x and maybe another when Suricata 8.x releases). Just a guess on my part, though.
By "major rules changes" I mean things like adding or modifying keywords and options in text rules due to changes within Suricata itself (for example, supporting new keywords or options). I don't mean adding, deleting or modifying rules for different threats.
So, long answer to say I would not expect such a change (dropping a category) to normally happen with a minor Suricata version change.
-
Well, it turns out the Emerging Threats rules team did in fact make some fairly significant changes recently to their Suricata rules package.
Here is a full description of the recent changes and why they were made: https://forum.suricata.io/t/emerging-threats-pro-open-ruleset-for-suricata-7-0-3-now-available/4714. The link goes to the upstream Suricata forum, but please remember to post any questions or issues about Suricata on pfSense here on the Netgate forum. There are many customizations of Suricata for use on pfSense, and the upstream developers will have no knowledge of them.
-
Thanks @bmeeks for the info.
This is... quite fundamental. Basically it would be like a new IDS system, will take some time to figure out :)