PT Suricata Ruleset discontinued ...?

I just noticed that PT Research discontinued their Suricata repo more than 2 years ago.

Would it be a case to remove the rules from IPFire IPS?

Is this the same as

I thought I saw someone discussing this topic and maybe working on it but I cannot locate it at this moment.

For now, please add this bug to bugzilla. That will help make sure the Development team reviews this information.

Login using your IPFire email address and your IPFire password.

Information to add a bug report in IPFire Bugzilla:

I found these items in the meeting agenda for today:


Some IPS Ruleset Housekeeping

  • Removal of PT Attack Detection Team Ruleset
    • Status: Read-Only since Sep 2022, Last Major Changes in 2021
    • EOL Status and Current Focus of Positive Technologies
  • Removal of Secureworks Rulesets
    • Enhanced, Malware, and Security Rulesets
    • Issue: Rulesets No Longer Available (404 Error)
    • Secureworks Website: No Mention of Suricata Rulesets
  • Community Suggestion
    • Addition of ThreatFox IPS Ruleset by abuse.ch? (Suggestion here)
    • Consideration: Potential Conflicts or Duplication with Existing Rules

2 Likes

Hi @jon

I was looking at the IPS rulesets due to the response from a forum question and found additional rulesets no longer supported.

I updated the rulesets wiki page with that status and put the topics onto the IPFire video conf call.

It was agreed yesterday to remove the no longer supported or available rulesets and to add the new ThreatFox ruleset, so I will work on a patch for that.

Hopefully should end up in CU183 or 184.

8 Likes

That’s amazing,
2 of my topics are being discussed at the IPFire video conf call :heart_eyes:

1 Like