Emerging Threats Pro with Snort on pfSense?



  • Hello all,

    I would like to use the ETPro rules with Snort on our appliance running pfSense, but it doesn't appear there is a way to do so?  Has anyone been able to get Snort to pull these rules and keep them updated?



  • @dreadnought:

    Hello all,

    I would like to use the ETPro rules with Snort on our appliance running pfSense, but it doesn't appear there is a way to do so?  Has anyone been able to get Snort to pull these rules and keep them updated?

    I can add this functionality to the next Snort update, but I will need some help with the specifics involved.  I do not use ET Pro.  I use the subscriber Snort VRT rules instead.  I will PM you with my e-mail address, and we can correspond offline with how to add this selection to Snort.  It should be pretty easy to do once I know what's involved.

    Bill



  • Awesome, thank you!  The Emerging Threats people are happy to contribute… advice, code, etc.  I'll respond to your PM with details.



  • @dreadnought:

    Awesome, thank you!  The Emerging Threats people are happy to contribute… advice, code, etc.  I'll respond to your PM with details.

    Received your e-mail reply and will communicate a bit more with you via that mechanism.

    Bill



  • Bill,

    I'm part of the Emerging Threats team and we've all been wanting this integration for a while ourselves. More than happy to help out and give you a demo Pro code to assist in getting this working.

    Feel free to reach out if you need anything.



  • @Dmkaz:

    Bill,

    I'm part of the Emerging Threats team and we've all been wanting this integration for a while ourselves. More than happy to help out and give you a demo Pro code to assist in getting this working.

    Feel free to reach out if you need anything.

    Thanks for the offer of help. I sent you a PM with my e-mail address.

    Bill



  • @bmeeks:

    @Dmkaz:

    Bill,

    I'm part of the Emerging Threats team and we've all been wanting this integration for a while ourselves. More than happy to help out and give you a demo Pro code to assist in getting this working.

    Feel free to reach out if you need anything.

    Thanks for the offer of help. I sent you a PM with my e-mail address.

    Bill

    Thanks so much for working on this integration, folks!

    I was just about to purchase an ETPro subscription and was curious about the status? Thanks!



  • @t3rmin:

    @bmeeks:

    @Dmkaz:

    Bill,

    I'm part of the Emerging Threats team and we've all been wanting this integration for a while ourselves. More than happy to help out and give you a demo Pro code to assist in getting this working.

    Feel free to reach out if you need anything.

    Thanks for the offer of help. I sent you a PM with my e-mail address.

    Bill

    Thanks so much for working on this integration, folks!

    I was just about to purchase an ETPro subscription and was curious about the status? Thanks!

    ET Pro support is ready in Snort Package update 2.6.1 which is awaiting approval from the pfSense Core Team.  The GitHub Pull Request is at https://github.com/pfsense/pfsense-packages/pull/524.

    There has been some discussion offline via e-mail about one of the bug fixes I included in the code not related to the ET Pro support, and that discussion has delayed the approval of the change.  If the bug fix discussion does not get resolved in the next day or two, I will separate the Pull Request such that the ET Pro support can stand alone and hopefully be merged while the bug fix discussion continues.

    Bill



  • Great! Thanks again! Seems like you're doing a fantastic job as plugin maintainer!



  • @t3rmin:

    Great! Thanks again! Seems like you're doing a fantastic job as plugin maintainer!

    I backtracked a bit and submitted a new Pull Request tonight with the "under discussion" functions removed.  The new ETPro support and a couple of bug fixes are still included.  Hopefully the new package will get swift approval.  Here is a link to the new Pull Request:

    https://github.com/pfsense/pfsense-packages/pull/529

    When approved and merged, this will appear as Snort 2.9.4.6 Pkg Version 2.6.1.

    Bill



  • Excellent! Thanks so much.



  • When approved and merged, this will appear as Snort 2.9.4.6 Pkg Version 2.6.1.

    pfSense team, do you have an idea of when the next release will be that incorporates Bill's updated Snort package?

    Thanks!



  • @dreadnought:

    When approved and merged, this will appear as Snort 2.9.4.6 Pkg Version 2.6.1.

    pfSense team, do you have an idea of when the next release will be that incorporates Bill's updated Snort package?

    Thanks!

    Last update I had was that Ermal was looking at the Pull Request.  That was last week.

    Bill



  • @ermal @jimp @anyone with merge authority… I hope this doesn't seem impatient, but it's been 21 days on this pull request. pfSense is absolutely wonderful and I appreciate it very much. Really looking forward to this merge so we can get ETPro in place in our environment. Thanks!



  • Ermal approved it.  2.6.1 is now available.



  • Great! Many thanks @bmeeks and @ermal!



  • @t3rmin:

    Great! Many thanks @bmeeks and @ermal!

    Yep.  Approved and merged.  The pfSense guys have been really busy the last few weeks, and that's the reason it took a bit longer to approve the Pull Request.  I will be posting a new thread in the Packages sub-forum with the release notes.

    UPDATE:  the release notes are in this thread – http://forum.pfsense.org/index.php/topic,68884.0.html

    Bill

