Actions
Feature #3100
closedAllow indicating sources /wo remote checksum
Effort:
Difficulty:
Label:
Description
Currently the tool will output warnings when pulling rules without remote checksums...
2019-07-29 12:10:09,351 - <INFO> - Checking https://rules.emergingthreats.net/blockrules/emerging-ciarmy.suricata.rules.md5. 2019-07-29 12:11:09,444 - <WARNING> - Failed to check remote checksum: <urlopen error timed out>
...which seems to be the case for even the default Emerging Threats rules.
It would be nice if the existence of remote checksum could be set for each source to allow avoiding those download attempts / warnings.
Updated by Shivani Bhardwaj over 5 years ago
- Status changed from New to Assigned
- Assignee changed from Shivani Bhardwaj to Vagisha Gupta
- Target version set to TBD
Updated by Jason Ish over 5 years ago
- Target version changed from TBD to 1.1.0rc1
Updated by Kenneth Kolano over 5 years ago
This change seemed to omit...
- Setting this option for the default lists that require it...
Sep 10 04:04:52 demo2 updateIDSRules[5341]: 2019-09-10 04:04:52,165 - <INFO> - Checking https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting.rules.md5. Sep 10 04:04:52 demo2 updateIDSRules[5341]: 2019-09-10 04:04:52,295 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found Sep 10 04:05:11 demo2 updateIDSRules[5341]: 2019-09-10 04:05:11,695 - <INFO> - Checking https://sslbl.abuse.ch/blacklist/sslblacklist.rules.md5. Sep 10 04:05:11 demo2 updateIDSRules[5341]: 2019-09-10 04:05:11,794 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found Sep 10 04:05:12 demo2 updateIDSRules[5341]: 2019-09-10 04:05:12,127 - <INFO> - Checking https://sslbl.abuse.ch/blacklist/ja3_fingerprints.rules.md5. Sep 10 04:05:12 demo2 updateIDSRules[5341]: 2019-09-10 04:05:12,290 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found Sep 10 04:05:15 demo2 updateIDSRules[5341]: 2019-09-10 04:05:15,943 - <INFO> - Checking https://rules.emergingthreats.net/blockrules/emerging-drop.suricata.rules.md5. Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,176 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,467 - <INFO> - Checking https://openinfosecfoundation.org/rules/trafficid/trafficid.rules.md5. Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,610 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found Sep 10 04:05:16 demo2 updateIDSRules[5341]: 2019-09-10 04:05:16,737 - <INFO> - Checking https://security.etnetera.cz/feeds/etn_aggressive.rules.md5. Sep 10 04:05:18 demo2 updateIDSRules[5341]: 2019-09-10 04:05:18,055 - <WARNING> - Failed to check remote checksum: HTTP Error 404: Not Found
- Enabling this option for the enable-source command (i.e. to allow skipping MD5 downloads for default options where they do exist)
Actions