Hi @EMTUser,
Thank you for reporting this. The error details mention “Unknown rule option: ‘byte_math’” which indicates the Snort Engine running does not have this keyword available. You may want to compare your Snort Engine version against our supported Snort engines here (Announcing legacy Snort version support conditions). Any version older than snort-2.9.13 is not supported by our rule set.
The rule’s logic relies on the available Snort byte_math keyword and so, the rule will remain as is until further notice. At this time, disabling the rule maybe the suitable next step.
Cheers,
