Is there any chance to get the Open Threat Exchange rules from AlienVault (https://otx.alienvault.com) working with IPFire’s suricata?
I have tried this on my testing system, following this guide https://github.com/AlienVault-OTX/OTX-Suricata for creating suricata rules, but loading these rules into suricata fails with the message:
[ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert http any any -> $HOME_NET any (msg:"OTX - FILE MD5 from pulse b'Dyre Spreading Using Code-Signing Certificates, HTTPS'"; filemd5:/etc/otx/5564abe3b45ff53f21e5b42f.txt ; reference: url, otx.alienvault.com/pulse/5564abe3b45ff53f21e5b42f; sid:418788; rev:1;)" from file /var/lib/suricata/local.rules at line 1712
[ERRCODE: SC_ERR_NO_MD5_SUPPORT(209)] - no MD5 calculation support built in, needed for filemd5 keyword
I have renamed the OTX ruleset to local.rules, but when I copy the MD5 files to /var/lib/suricata/ they disappear when restarting suricata.
I have copied them to /etc/otx/ and added /etc/otx/ to the MD5 filename in the rules, but I have no idea whether that works at all.
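The second error above (SC_ERR_NO_MD5_SUPPORT) means the suricata build has no hash support, so every rule carrying the filemd5 keyword is rejected and, since rule parsing aborts the whole file, the remaining OTX rules never load either. A practical pre-flight step is to split the generated local.rules into rules the build can load and rules that depend on file-hash keywords, and to check that every hash list the kept rules reference actually exists at the path written into the rule. The script below is an added example written for this thread, not code from the OTX-Suricata project or from IPFire; the sample rules in SAMPLE_RULES are constructed for the demonstration, and the keyword list HASH_KEYWORDS and the function names are this example's own.

```python
import os
import re
import sys

# Constructed sample of what an OTX-generated local.rules might look like.
# These rules and the EXAMPLE pulse id are made up for this example; they are
# not lines from the real OTX feed.
SAMPLE_RULES = """# OTX sample (constructed)
alert http any any -> $HOME_NET any (msg:"OTX - FILE MD5 from pulse EXAMPLE"; filemd5:/etc/otx/EXAMPLE.txt; reference:url,otx.alienvault.com/pulse/EXAMPLE; sid:418788; rev:1;)
alert dns any any -> any any (msg:"OTX - DOMAIN from pulse EXAMPLE"; content:"example.invalid"; nocase; reference:url,otx.alienvault.com/pulse/EXAMPLE; sid:418789; rev:1;)
alert ip any any -> $HOME_NET any (msg:"OTX - IP from pulse EXAMPLE; sid 42"; sid:418790; rev:1;)
"""

# Suricata keywords that need hash support compiled into the engine.
# filemd5 is the one from the error message; filesha1/filesha256 are the
# sibling keywords and depend on hash support in the same way.
HASH_KEYWORDS = ("filemd5", "filesha1", "filesha256")

# header = everything before the first "(", options = everything inside the
# outermost parentheses of the rule.
RULE_RE = re.compile(r"^(?P<header>[^(]+)\((?P<options>.*)\)\s*$")


def split_options(opts):
    """Split a rule's option string on ';' while respecting double-quoted values
    (a msg may legitimately contain ';')."""
    parts, buf, in_quote, i = [], [], False, 0
    while i < len(opts):
        ch = opts[i]
        if ch == "\\" and in_quote and i + 1 < len(opts):  # keep escaped chars intact
            buf.append(ch)
            buf.append(opts[i + 1])
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            token = "".join(buf).strip()
            if token:
                parts.append(token)
            buf = []
        else:
            buf.append(ch)
        i += 1
    tail = "".join(buf).strip()
    if tail:
        parts.append(tail)
    return parts


def parse_rule(line):
    """Return {'header': str, 'options': {keyword: [values]}} or None if the
    line does not look like a rule."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    options = {}
    for opt in split_options(m.group("options")):
        key, _, value = opt.partition(":")
        options.setdefault(key.strip(), []).append(value.strip())
    return {"header": m.group("header").strip(), "options": options}


def partition_rules(text, unsupported=frozenset(HASH_KEYWORDS)):
    """Split rule text into (kept_lines, dropped) where dropped is a list of
    (line_number, reason, rule_text) for rules this build cannot load."""
    kept, dropped = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            kept.append(line)  # comments and blank lines pass through
            continue
        parsed = parse_rule(stripped)
        if parsed is None:
            dropped.append((lineno, "unparseable rule", stripped))
            continue
        hit = sorted(set(parsed["options"]) & set(unsupported))
        if hit:
            sid = parsed["options"].get("sid", ["?"])[0]
            dropped.append((lineno, "sid %s uses %s" % (sid, ",".join(hit)), stripped))
        else:
            kept.append(line)
    return kept, dropped


def referenced_hash_files(text, keywords=HASH_KEYWORDS):
    """List every hash-list path referenced by filemd5/filesha* keywords, so the
    files can be checked against where suricata will actually look for them."""
    paths = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parsed = parse_rule(stripped)
        if parsed:
            for kw in keywords:
                paths.extend(parsed["options"].get(kw, []))
    return paths


if __name__ == "__main__":
    # Usage: python otx_preflight.py local.rules loadable.rules
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RULES
    kept, dropped = partition_rules(src)
    for lineno, reason, _ in dropped:
        print("drop line %d: %s" % (lineno, reason))
    for path in referenced_hash_files(src):
        print("hash list %s: %s" % (path, "present" if os.path.isfile(path) else "MISSING"))
    if len(sys.argv) > 2:
        with open(sys.argv[2], "w") as out:
            out.write("\n".join(kept) + "\n")
```

Running it against the real local.rules reports which sids would trigger the no-MD5-support error and writes a copy without them, so the rest of the OTX feed can be loaded on a build that lacks hash support; the MISSING check on the hash-list paths is the quick way to confirm whether the files copied to /etc/otx/ are where the rules say they are.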