ETPRO Telemetry Edition

For some time now we’ve been partnered with our friends at OPNsense on ETPRO Telemetry Edition. This allows OPNsense users to benefit from ETPRO in exchange for sending our team threat telemetry data from their installed sensor! It not only lets us provide ETPRO to a wider audience but also helps us keep the ruleset tuned nicely with relevant, impactful rules.

ET Pro Telemetry Edition features include:

  • Emphasis on fingerprinting actual malware / C2 / exploit kits, and in-the-wild malicious activity missed by traditional prevention methods.
  • Support for Suricata IDS/IPS.
  • Over 7,000 tuned IDS/IPS rules.
  • 10 to 50+ new rules are released each day.
  • Extensive signature descriptions, references, and documentation.
  • Very low false positive rating through the use of a state-of-the-art malware sandbox and a global sensor network feedback loop.
  • Includes ET Open. ET Pro Telemetry Edition allows you to benefit from the collective intelligence provided by one of the largest and most active IDS/IPS rule writing communities. Rule submissions are received from all over the world covering never-before-seen threats, all tested by Proofpoint’s ET Labs research team to ensure optimum performance and accurate detection.

This is a partnership, and as such, to continue receiving updated rules in the ETPRO Telemetry Edition ruleset we must receive data from your sensor.

Sensors that opt in to sending telemetry to Proofpoint/ET so they can receive ETPRO Telemetry Edition must have sent event telemetry back to Proofpoint/ET within the last 5 days.

Sensors may go dormant during that period (no heartbeat sent in the last day) and still receive ETPRO Telemetry Edition, but if no events are received for 5 days the Telemetry Edition rule delivery will be disabled and that sensor will simply receive that day’s ET Open rules.

A disabled sensor will transition back to active delivery once it resumes sending heartbeat and telemetry back to Proofpoint/ET.

Sensor state is reviewed every 24 hours.

Thank you - and feel free to hit us up here with any questions!