Emerging Threats Pro with Snort on pfsense?

dreadnought

Hello all,

I would like to use the ETPro rules with Snort on our appliance running pfsense, but it doesn't appear there is a way to do so?  Has anyone been able to get Snort to pull these rules and keep them updated?

bmeeks

@dreadnought:

Hello all,

I would like to use the ETPro rules with Snort on our appliance running pfsense, but it doesn't appear there is a way to do so?  Has anyone been able to get Snort to pull these rules and keep them updated?

I can add this functionality to the next Snort update, but I will need some help with the specifics involved.  I do not use ET Pro.  I use the subscriber Snort VRT rules instead.  I will PM you with my e-mail address, and we can correspond offline with how to add this selection to Snort.  It should be pretty easy to do once I know what's involved.

Bill

dreadnought

Awesome, thank you!  The Emerging Threats people are happy to contribute… advice, code, etc.  I'll respond to your PM with details.

bmeeks

@dreadnought:

Awesome, thank you!  The Emerging Threats people are happy to contribute… advice, code, etc.  I'll respond to your PM with details.

Received your e-mail reply and will communicate a bit more with you via that mechanism.

Bill

Dmkaz

Bill,

I'm part of the Emerging Threats team and we've all been wanting this integration for a while ourselves. More than happy to help out and give you a demo Pro code to assist in getting this working.

Feel free to reach out if you need anything.

bmeeks

@Dmkaz:

Bill,

I'm part of the Emerging Threats team and we've all been wanting this integration for a while ourselves. More than happy to help out and give you a demo Pro code to assist in getting this working.

Feel free to reach out if you need anything.

Thanks for the offer of help. I  sent you a PM with my e-mail address.

Bill

t3rmin

@bmeeks:

@Dmkaz:

Bill,

I'm part of the Emerging Threats team and we've all been wanting this integration for a while ourselves. More than happy to help out and give you a demo Pro code to assist in getting this working.

Feel free to reach out if you need anything.

Thanks for the offer of help. I  sent you a PM with my e-mail address.

Bill

Thanks so much for working on this integration, folks!

I was just about to purchase an ETPro subscription and was curious about the status? Thanks!

bmeeks

@t3rmin:

@bmeeks:

@Dmkaz:

Bill,

I'm part of the Emerging Threats team and we've all been wanting this integration for a while ourselves. More than happy to help out and give you a demo Pro code to assist in getting this working.

Feel free to reach out if you need anything.

Thanks for the offer of help. I  sent you a PM with my e-mail address.

Bill

Thanks so much for working on this integration, folks!

I was just about to purchase an ETPro subscription and was curious about the status? Thanks!

ET Pro support is ready in Snort Package update 2.6.1 which is awaiting approval from the pfSense Core Team.  The GitHub Pull Request is at https://github.com/pfsense/pfsense-packages/pull/524.

There has been some discussion offline via e-mail about one of the bug fixes I included in the code not related to the ET Pro support, and that discussion has delayed the approval of the change.  If the bug fix discussion does not get resolved in the next day or two, I will separate the Pull Request such that the ET Pro support can stand alone and hopefully be merged while the bug fix discussion continues.

Bill

t3rmin

Great! Thanks again! Seems like you're doing a fantastic job as plugin maintainer!

bmeeks

@t3rmin:

Great! Thanks again! Seems like you're doing a fantastic job as plugin maintainer!

I backtracked a bit and submitted a new Pull Request tonight with the "under discussion" functions removed.  The new ETPro support and a couple of bug fixes are still included.  Hopefully the new package will get swift approval.  Here is a link to the new Pull Request:

https://github.com/pfsense/pfsense-packages/pull/529

When approved and merged, this will appear as Snort 2.9.4.6 Pkg Version 2.6.1.

Bill

t3rmin

Excellent! Thanks so much.

dreadnought

When approved and merged, this will appear as Snort 2.9.4.6 Pkg Version 2.6.1.

pfSense team, do you have an idea of when the next release will be that incorporates Bill's updated Snort package?

Thanks!

bmeeks

@dreadnought:

When approved and merged, this will appear as Snort 2.9.4.6 Pkg Version 2.6.1.

pfSense team, do you have an idea of when the next release will be that incorporates Bill's updated Snort package?

Thanks!

Last update I had was that Ermal was looking at the Pull Request.  That was last week.

Bill

t3rmin

@ermal @jimp @anyone with merge authority… I hope this doesn't seem impatient, but it's been 21 days on this pull request. pfSense is absolutely wonderful and I appreciate it very much. Really looking forward to this merge so we can get ETPro in place in our environment. Thanks!

priller

Ermal approved it.  2.6.1 is now available.

t3rmin

Great! Many thanks @bmeeks and @ermal!

bmeeks

@t3rmin:

Great! Many thanks @bmeeks and @ermal!

Yep.  Approved and merged.  The pfSense guys have been really busy the last few weeks, and that's the reason it took a bit longer to approve the Pull Request.  I will be posting a new thread in the Packages sub-forum with the release notes.

UPDATE:  the release notes are in this thread – http://forum.pfsense.org/index.php/topic,68884.0.html

Bill