Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Emerging Threats Pro with Snort on pfsense?

    Scheduled Pinned Locked Moved pfSense Packages
    17 Posts 5 Posters 4.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dreadnought
      last edited by

      Hello all,

      I would like to use the ETPro rules with Snort on our appliance running pfsense, but it doesn't appear there is a way to do so?  Has anyone been able to get Snort to pull these rules and keep them updated?

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        @dreadnought:

        Hello all,

        I would like to use the ETPro rules with Snort on our appliance running pfsense, but it doesn't appear there is a way to do so?  Has anyone been able to get Snort to pull these rules and keep them updated?

        I can add this functionality to the next Snort update, but I will need some help with the specifics involved.  I do not use ET Pro.  I use the subscriber Snort VRT rules instead.  I will PM you with my e-mail address, and we can correspond offline with how to add this selection to Snort.  It should be pretty easy to do once I know what's involved.

        Bill

        1 Reply Last reply Reply Quote 0
        • D
          dreadnought
          last edited by

          Awesome, thank you!  The Emerging Threats people are happy to contribute… advice, code, etc.  I'll respond to your PM with details.

          1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks
            last edited by

            @dreadnought:

            Awesome, thank you!  The Emerging Threats people are happy to contribute… advice, code, etc.  I'll respond to your PM with details.

            Received your e-mail reply and will communicate a bit more with you via that mechanism.

            Bill

            1 Reply Last reply Reply Quote 0
            • D
              Dmkaz
              last edited by

              Bill,

              I'm part of the Emerging Threats team and we've all been wanting this integration for a while ourselves. More than happy to help out and give you a demo Pro code to assist in getting this working.

              Feel free to reach out if you need anything.

              1 Reply Last reply Reply Quote 0
              • bmeeksB
                bmeeks
                last edited by

                @Dmkaz:

                Bill,

                I'm part of the Emerging Threats team and we've all been wanting this integration for a while ourselves. More than happy to help out and give you a demo Pro code to assist in getting this working.

                Feel free to reach out if you need anything.

                Thanks for the offer of help. I  sent you a PM with my e-mail address.

                Bill

                1 Reply Last reply Reply Quote 0
                • T
                  t3rmin
                  last edited by

                  @bmeeks:

                  @Dmkaz:

                  Bill,

                  I'm part of the Emerging Threats team and we've all been wanting this integration for a while ourselves. More than happy to help out and give you a demo Pro code to assist in getting this working.

                  Feel free to reach out if you need anything.

                  Thanks for the offer of help. I  sent you a PM with my e-mail address.

                  Bill

                  Thanks so much for working on this integration, folks!

                  I was just about to purchase an ETPro subscription and was curious about the status? Thanks!

                  1 Reply Last reply Reply Quote 0
                  • bmeeksB
                    bmeeks
                    last edited by

                    @t3rmin:

                    @bmeeks:

                    @Dmkaz:

                    Bill,

                    I'm part of the Emerging Threats team and we've all been wanting this integration for a while ourselves. More than happy to help out and give you a demo Pro code to assist in getting this working.

                    Feel free to reach out if you need anything.

                    Thanks for the offer of help. I  sent you a PM with my e-mail address.

                    Bill

                    Thanks so much for working on this integration, folks!

                    I was just about to purchase an ETPro subscription and was curious about the status? Thanks!

                    ET Pro support is ready in Snort Package update 2.6.1 which is awaiting approval from the pfSense Core Team.  The GitHub Pull Request is at https://github.com/pfsense/pfsense-packages/pull/524.

                    There has been some discussion offline via e-mail about one of the bug fixes I included in the code not related to the ET Pro support, and that discussion has delayed the approval of the change.  If the bug fix discussion does not get resolved in the next day or two, I will separate the Pull Request such that the ET Pro support can stand alone and hopefully be merged while the bug fix discussion continues.

                    Bill

                    1 Reply Last reply Reply Quote 0
                    • T
                      t3rmin
                      last edited by

                      Great! Thanks again! Seems like you're doing a fantastic job as plugin maintainer!

                      1 Reply Last reply Reply Quote 0
                      • bmeeksB
                        bmeeks
                        last edited by

                        @t3rmin:

                        Great! Thanks again! Seems like you're doing a fantastic job as plugin maintainer!

                        I backtracked a bit and submitted a new Pull Request tonight with the "under discussion" functions removed.  The new ETPro support and a couple of bug fixes are still included.  Hopefully the new package will get swift approval.  Here is a link to the new Pull Request:

                        https://github.com/pfsense/pfsense-packages/pull/529

                        When approved and merged, this will appear as Snort 2.9.4.6 Pkg Version 2.6.1.

                        Bill

                        1 Reply Last reply Reply Quote 0
                        • T
                          t3rmin
                          last edited by

                          Excellent! Thanks so much.

                          1 Reply Last reply Reply Quote 0
                          • D
                            dreadnought
                            last edited by

                            When approved and merged, this will appear as Snort 2.9.4.6 Pkg Version 2.6.1.

                            pfSense team, do you have an idea of when the next release will be that incorporates Bill's updated Snort package?

                            Thanks!

                            1 Reply Last reply Reply Quote 0
                            • bmeeksB
                              bmeeks
                              last edited by

                              @dreadnought:

                              When approved and merged, this will appear as Snort 2.9.4.6 Pkg Version 2.6.1.

                              pfSense team, do you have an idea of when the next release will be that incorporates Bill's updated Snort package?

                              Thanks!

                              Last update I had was that Ermal was looking at the Pull Request.  That was last week.

                              Bill

                              1 Reply Last reply Reply Quote 0
                              • T
                                t3rmin
                                last edited by

                                @ermal @jimp @anyone with merge authority… I hope this doesn't seem impatient, but it's been 21 days on this pull request. pfSense is absolutely wonderful and I appreciate it very much. Really looking forward to this merge so we can get ETPro in place in our environment. Thanks!

                                1 Reply Last reply Reply Quote 0
                                • P
                                  priller
                                  last edited by

                                  Ermal approved it.  2.6.1 is now available.

                                  1 Reply Last reply Reply Quote 0
                                  • T
                                    t3rmin
                                    last edited by

                                    Great! Many thanks @bmeeks and @ermal!

                                    1 Reply Last reply Reply Quote 0
                                    • bmeeksB
                                      bmeeks
                                      last edited by

                                      @t3rmin:

                                      Great! Many thanks @bmeeks and @ermal!

                                      Yep.  Approved and merged.  The pfSense guys have been really busy the last few weeks, and that's the reason it took a bit longer to approve the Pull Request.  I will be posting a new thread in the Packages sub-forum with the release notes.

                                      UPDATE:  the release notes are in this thread – http://forum.pfsense.org/index.php/topic,68884.0.html

                                      Bill

                                      1 Reply Last reply Reply Quote 0
                                      • First post
                                        Last post
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.