Doc.emergingthreats.net, Reference information

Hello, I’m new to the Suricata world, and I keep seeing ET rules with references to the subdomain doc, however, this subdomain doesn’t resolve. Where can I find more information on specific SIDs that are in the Emerging Threats Open SID range: 2000000-2103999?

1 Like

Hi @Oppressed1192 , thanks for joining. Unfortunately, that’s a reference to our retired & deprecated documentation site. It contained previous rule revisions rather than truly being a ‘reference’ to how and why a rule was written. There were no reference URLs or hashes in order to provide context. There are about 5K active rules which contain those outdated references and we’re working to programmatically remove them and hope to have a solution soon.

Is there a specific rule you had questions about?

1 Like

Thank you for the quick reply, I was hoping for more documentation on the whole, but if I had specific questions on certain SIDs I see I can post them here in the future.

Excellent news about the updating process to rules with outdated references. Thanks for your time.

1 Like