We’ve recently made a change in the way the ‘updated_at’ metadata tag is populated within our rules.
Previously to today, whenever any supported engine’s version of a SID was modified every engine version’s value for ‘updated_at’ was updated for that rule.
For example, a rule’s Suricata 5 version was getting an ‘updated_at’ date from a Snort version which was modified in May 2022, even though the Suricata 5 version potentially hadn’t been touched since 2020. Thus this Suricata 5 rule would carry an ‘updated_at’ value that was not accurate.
As we’ve grown in technical maturity along with the ruleset we have been able to set per-engine values for performance (a rule may perform differently across our supported engines) and category and classtype (necessary since several Suritcata 5/6/7 categories and classtypes don’t exist in Suricata 4 or Snort). We always strive to make the rules we publish out to you more reflective of reality and the hard work we put into QA and releasing them.
Thank you!