Yeah, it makes no sense to me why they would leave those rulesets empty. And using a combination of both is not a solution; it’s a workaround at best.
Hi!
@Freewheelin using a combination of both is NOT a solution and NOT a workaround.
We can’t choose some rulesets from ET Open and others from ET Pro.
ET Pro Telemetry:
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 botcc.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 ciarmy.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 3,2K 19 mar 05.10 classification.config
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 compromised.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 drop.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 dshield.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 emerging-3coresec.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 emerging-activex.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 351K 19 mar 05.16 emerging-adware_pup.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 74K 19 mar 05.16 emerging-attack_response.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 emerging-botcc_portgrouped.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 7,6K 19 mar 05.16 emerging-chat.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 14K 19 mar 05.16 emerging-coinminer.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 9,0K 19 mar 05.16 emerging-current_events.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 46K 19 mar 05.16 emerging-deleted.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 9,4K 19 mar 05.16 emerging-dns.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 13K 19 mar 05.16 emerging-dos.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 489K 19 mar 05.16 emerging-exploit_kit.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 293K 19 mar 05.16 emerging-exploit.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 emerging-ftp.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 6,9K 19 mar 05.16 emerging-games.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 113K 19 mar 05.16 emerging-hunting.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 emerging-icmp_info.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 emerging-icmp.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 emerging-imap.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 emerging-inappropriate.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 2,2M 19 mar 05.16 emerging-info.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 3,3K 19 mar 05.16 emerging-ja3.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 6,9M 19 mar 05.16 emerging-malware.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 emerging-misc.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 612K 19 mar 05.16 emerging-mobile_malware.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 emerging-netbios.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 16K 19 mar 05.16 emerging-p2p.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 581K 19 mar 05.16 emerging-phishing.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 419K 19 mar 05.16 emerging-policy.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 emerging-pop3.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 emerging-rpc.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 4,8K 19 mar 05.16 emerging-scada.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 emerging-scada_special.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 33K 19 mar 05.16 emerging-scan.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 emerging-shellcode.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 3,0K 19 mar 05.16 emerging-smtp.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 4,7K 19 mar 05.16 emerging-snmp.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 emerging-sql.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 emerging-telnet.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 emerging-tftp.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 30K 19 mar 05.16 emerging-user_agents.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 4,4K 19 mar 05.16 emerging-voip.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 43K 19 mar 05.16 emerging-web_client.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 40K 19 mar 05.16 emerging-web_server.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 225K 19 mar 05.16 emerging-web_specific_apps.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 5,7K 19 mar 05.16 emerging-worm.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 173K 19 mar 05.16 telemetry_sids.txt
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 19 mar 05.16 tor.rules
ET Open:
-rw-r--r-- 1 l0rdg3x l0rdg3x 2,1K 26 mar 21.29 botcc.portgrouped.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 4,4K 26 mar 21.29 botcc.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 1,7K 26 mar 21.29 BSD-License.txt
-rw-r--r-- 1 l0rdg3x l0rdg3x 108K 26 mar 21.29 ciarmy.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 3,2K 26 mar 21.29 classification.config
-rw-r--r-- 1 l0rdg3x l0rdg3x 7,2K 26 mar 21.29 compromised-ips.txt
-rw-r--r-- 1 l0rdg3x l0rdg3x 16K 26 mar 21.29 compromised.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 43K 26 mar 21.29 drop.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 2,7K 26 mar 21.29 dshield.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 359K 26 mar 21.29 emerging-activex.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 589K 26 mar 21.29 emerging-adware_pup.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 610K 26 mar 21.29 emerging-attack_response.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 33K 26 mar 21.29 emerging-chat.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 20K 26 mar 21.29 emerging-coinminer.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 132K 26 mar 21.29 emerging-current_events.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 1,7M 26 mar 21.29 emerging-deleted.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 21K 26 mar 21.29 emerging-dns.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 65K 26 mar 21.29 emerging-dos.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 2,0M 26 mar 21.29 emerging-exploit_kit.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 1,3M 26 mar 21.29 emerging-exploit.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 49K 26 mar 21.29 emerging-ftp.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 38K 26 mar 21.29 emerging-games.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 751K 26 mar 21.29 emerging-hunting.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 21K 26 mar 21.29 emerging-icmp_info.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 13K 26 mar 21.29 emerging-icmp.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 16K 26 mar 21.29 emerging-imap.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 10K 26 mar 21.29 emerging-inappropriate.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 4,3M 26 mar 21.29 emerging-info.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 49K 26 mar 21.29 emerging-ja3.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 14M 26 mar 21.29 emerging-malware.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 23K 26 mar 21.29 emerging-misc.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 755K 26 mar 21.29 emerging-mobile_malware.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 348K 26 mar 21.29 emerging-netbios.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 47K 26 mar 21.29 emerging-p2p.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 2,2M 26 mar 21.29 emerging-phishing.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 546K 26 mar 21.29 emerging-policy.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 9,4K 26 mar 21.29 emerging-pop3.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 244K 26 mar 21.29 emerging-retired.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 59K 26 mar 21.29 emerging-rpc.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 60K 26 mar 21.29 emerging-scada.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 160K 26 mar 21.29 emerging-scan.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 81K 26 mar 21.29 emerging-shellcode.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 14K 26 mar 21.29 emerging-smtp.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 16K 26 mar 21.29 emerging-snmp.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 207K 26 mar 21.29 emerging-sql.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 6,2K 26 mar 21.29 emerging-telnet.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 8,2K 26 mar 21.29 emerging-tftp.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 155K 26 mar 21.29 emerging-user_agents.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 11K 26 mar 21.29 emerging-voip.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 484K 26 mar 21.29 emerging-web_client.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 447K 26 mar 21.29 emerging-web_server.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 4,6M 26 mar 21.29 emerging-web_specific_apps.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 11K 26 mar 21.29 emerging-worm.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 18K 26 mar 21.29 gpl-2.0.txt
-rw-r--r-- 1 l0rdg3x l0rdg3x 2,2K 26 mar 21.29 LICENSE
-rw-r--r-- 1 l0rdg3x l0rdg3x 7,8M 26 mar 21.29 sid-msg.map
-rw-r--r-- 1 l0rdg3x l0rdg3x 0 26 mar 21.29 suricata-5.0-enhanced-open.txt
-rw-r--r-- 1 l0rdg3x l0rdg3x 21K 26 mar 21.29 threatview_CS_c2.rules
-rw-r--r-- 1 l0rdg3x l0rdg3x 700K 26 mar 21.29 tor.rules
So ET Pro Telemetry, even in its populated rulesets, is “empty”.
ET Pro contains a lot fewer rules than ET Open, in every ruleset.
@pschroeder @rgonzalez
In your forum post “Ruleset Update Summary” you say:
16 new OPEN, 35 new PRO (16 + 19)
So ETPro MUST also contain the ETOpen rules.
What can we do for that?
Thanks!
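As an added example (not code from this thread or from the ET project), a small Python check that takes two rule feeds as {filename: file text} maps, counts the enabled rules per category in each, and reports how many ET Open SIDs each ET Pro category actually carries, which is the claim the post above is testing by file size alone. The sample rule files and SIDs below are constructed placeholders; for real directories, build the maps from the contents of each *.rules file.

```python
import re

# Matches the "sid:NNN;" option of a Suricata rule line.
SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")

def enabled_sids(rule_text: str) -> set:
    """SIDs of active rules in one .rules file; '#'-commented (disabled) rules are skipped."""
    sids = set()
    for line in rule_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            m = SID_RE.search(line)
            if m:
                sids.add(int(m.group(1)))
    return sids

def compare_feeds(open_feed: dict, pro_feed: dict) -> dict:
    """Per category: enabled-rule count in each feed, Open SIDs present in Pro, Pro-only SIDs,
    and an 'empty_in_pro' flag when Open is populated but the Pro file has no rules."""
    report = {}
    for name in sorted(set(open_feed) | set(pro_feed)):
        o = enabled_sids(open_feed.get(name, ""))
        p = enabled_sids(pro_feed.get(name, ""))
        report[name] = {"open": len(o), "pro": len(p), "open_sids_in_pro": len(o & p),
                        "pro_only": len(p - o), "empty_in_pro": bool(o) and not p}
    return report

# Constructed sample rule files (placeholder SIDs, not real ET content).
OPEN_SAMPLE = {
    "emerging-ftp.rules": 'alert ftp any any -> any any (msg:"SAMPLE FTP"; sid:2000001; rev:1;)\n'
                          '# alert ftp any any -> any any (msg:"SAMPLE disabled"; sid:2000002; rev:1;)\n',
    "emerging-dns.rules": 'alert dns any any -> any any (msg:"SAMPLE DNS A"; sid:2000010; rev:1;)\n'
                          'alert dns any any -> any any (msg:"SAMPLE DNS B"; sid:2000011; rev:1;)\n',
}
PRO_SAMPLE = {
    "emerging-ftp.rules": "",  # empty file, as in the listing above
    "emerging-dns.rules": 'alert dns any any -> any any (msg:"SAMPLE DNS A"; sid:2000010; rev:1;)\n'
                          'alert dns any any -> any any (msg:"SAMPLE PRO only"; sid:2800001; rev:1;)\n',
}

if __name__ == "__main__":
    for cat, r in compare_feeds(OPEN_SAMPLE, PRO_SAMPLE).items():
        flag = "  <-- empty in Pro" if r["empty_in_pro"] else ""
        print(f"{cat}: open={r['open']} pro={r['pro']} shared={r['open_sids_in_pro']}{flag}")
```

A category where "open_sids_in_pro" is far below "open" shows the Pro file does not carry the Open rules, independent of byte size.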