Verbose (`-v`) run of `suricata-update` v1.3.6 against Suricata 8.0.1 on Debian 13. Two things worth noting in the output below: the ET Open source is only compared against a remote `.md5` file (local vs. remote checksum) to decide whether to re-download — that is change detection, not an integrity or authenticity check, so every rule source is trusted solely on the basis of its HTTPS origin; and the regex matchers loaded right after `/etc/suricata/drop.conf` (e.g. `re:CVE`, `re:Orange`, `re:classtype:trojan-activity`) appear to be broad substring patterns that convert every matching rule to `drop`, which in IPS mode can block far more traffic than intended, so review the resulting rule set before deploying it. Note also that the User-Agent sent to each source discloses the OS, distribution, Python and Suricata versions.
3/10/2025 -- 10:25:10 - <Debug> -- This is suricata-update version 1.3.6 (rev: None); Python: 3.13.5 (main, Jun 25 2025, 18:55:22) [GCC 14.2.0]
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value subcommand -> update
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value verbose -> True
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value version -> False
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value show-advanced -> False
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value force -> False
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value url -> []
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value no-ignore -> False
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value dump-sample-configs -> False
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value etopen -> False
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value no-reload -> False
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value no-merge -> False
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value offline -> False
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value fail -> False
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value now -> False
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value disable -> False
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value enable -> False
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value modify -> False
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value drop -> False
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Found suricata at /bin/suricata
|
|
3/10/2025 -- 10:25:10 - <Info> -- Using data-directory /var/lib/suricata.
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Looking for /etc/suricata/disable.conf
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Found /etc/suricata/disable.conf
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Using /etc/suricata/disable.conf for disable-conf
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Looking for /etc/suricata/enable.conf
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Found /etc/suricata/enable.conf
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Using /etc/suricata/enable.conf for enable-conf
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Looking for /etc/suricata/drop.conf
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Found /etc/suricata/drop.conf
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Using /etc/suricata/drop.conf for drop-conf
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Looking for /etc/suricata/modify.conf
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Found /etc/suricata/modify.conf
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Using /etc/suricata/modify.conf for modify-conf
|
|
3/10/2025 -- 10:25:10 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
|
|
3/10/2025 -- 10:25:10 - <Info> -- Using /usr/share/suricata/rules for Suricata provided rules.
|
|
3/10/2025 -- 10:25:10 - <Info> -- Found Suricata version 8.0.1 at /bin/suricata.
|
|
3/10/2025 -- 10:25:10 - <Info> -- Loading /etc/suricata/disable.conf.
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing group matcher: group:stream-events.rules
|
|
3/10/2025 -- 10:25:10 - <Info> -- Loading /etc/suricata/enable.conf.
|
|
3/10/2025 -- 10:25:10 - <Info> -- Loading /etc/suricata/modify.conf.
|
|
3/10/2025 -- 10:25:10 - <Info> -- Loading /etc/suricata/drop.conf.
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:ANSSI
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:checkpoint
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:cisco
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:corelight
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:cylera
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:fingerprint
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:FireEye
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:Juniper
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:Linksys
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:Netgear
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:Orange
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:ProofPoint
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:attempted-dos
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:coin-mining
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:command-and-control
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:denial-of-service
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:domain-c2
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:exploit-kit
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:external-ip-check
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:network-scan
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:successful-dos
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:trojan-activity
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:web-application-attack
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:CVE
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:gouv.fr
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:mitre_technique_id
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:pipedream.net
|
|
3/10/2025 -- 10:25:10 - <Info> -- Loading /etc/suricata/suricata.yaml
|
|
3/10/2025 -- 10:25:10 - <Info> -- Disabling rules for protocol pgsql
|
|
3/10/2025 -- 10:25:10 - <Info> -- Disabling rules for protocol modbus
|
|
3/10/2025 -- 10:25:10 - <Info> -- Disabling rules for protocol dnp3
|
|
3/10/2025 -- 10:25:10 - <Info> -- Disabling rules for protocol enip
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Loading source specification file /var/lib/suricata/update/sources/pawpatrules.yaml
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Loading source specification file /var/lib/suricata/update/sources/abuse.ch-urlhaus.yaml
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Loading source specification file /var/lib/suricata/update/sources/abuse.ch-feodotracker.yaml
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Loading source specification file /var/lib/suricata/update/sources/et-open.yaml
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Resolved source pawpatrules to URL https://rules.pawpatrules.fr/suricata/paw-patrules.tar.gz.
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Resolved source abuse.ch/urlhaus to URL https://urlhaus.abuse.ch/downloads/urlhaus_suricata.tar.gz.
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Resolved source abuse.ch/feodotracker to URL https://feodotracker.abuse.ch/downloads/feodotracker.tar.gz.
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Resolved source et/open to URL https://rules.emergingthreats.net/open/suricata-8.0.1/emerging.rules.tar.gz.
|
|
3/10/2025 -- 10:25:10 - <Info> -- Fetching https://urlhaus.abuse.ch/downloads/urlhaus_suricata.tar.gz.
|
|
3/10/2025 -- 10:25:10 - <Debug> -- Setting HTTP User-Agent to Suricata-Update/1.3.6 (OS: Linux; CPU: x86_64; Python: 3.13.5; Dist: Debian GNU/Linux/13; Suricata: 8.0.1)
|
|
100% - 696439/696439
|
|
3/10/2025 -- 10:25:11 - <Info> -- Done.
|
|
3/10/2025 -- 10:25:11 - <Info> -- Fetching https://feodotracker.abuse.ch/downloads/feodotracker.tar.gz.
|
|
3/10/2025 -- 10:25:11 - <Debug> -- Setting HTTP User-Agent to Suricata-Update/1.3.6 (OS: Linux; CPU: x86_64; Python: 3.13.5; Dist: Debian GNU/Linux/13; Suricata: 8.0.1)
|
|
100% - 549/549
|
|
3/10/2025 -- 10:25:11 - <Info> -- Done.
|
|
3/10/2025 -- 10:25:11 - <Info> -- Checking https://rules.emergingthreats.net/open/suricata-8.0.1/emerging.rules.tar.gz.md5.
|
|
3/10/2025 -- 10:25:11 - <Debug> -- Setting HTTP User-Agent to Suricata-Update/1.3.6 (OS: Linux; CPU: x86_64; Python: 3.13.5; Dist: Debian GNU/Linux/13; Suricata: 8.0.1)
|
|
3/10/2025 -- 10:25:11 - <Debug> -- Local checksum=|cb678a564d5856c0f76597c73e18fe7b|; remote checksum=|5b749c4665dab0d04b3c637460b7943e|
|
|
3/10/2025 -- 10:25:11 - <Info> -- Fetching https://rules.emergingthreats.net/open/suricata-8.0.1/emerging.rules.tar.gz.
|
|
3/10/2025 -- 10:25:11 - <Debug> -- Setting HTTP User-Agent to Suricata-Update/1.3.6 (OS: Linux; CPU: x86_64; Python: 3.13.5; Dist: Debian GNU/Linux/13; Suricata: 8.0.1)
|
|
100% - 5099200/5099200
|
|
3/10/2025 -- 10:25:12 - <Info> -- Done.
|
|
3/10/2025 -- 10:25:13 - <Info> -- Fetching https://rules.pawpatrules.fr/suricata/paw-patrules.tar.gz.
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Setting HTTP User-Agent to Suricata-Update/1.3.6 (OS: Linux; CPU: x86_64; Python: 3.13.5; Dist: Debian GNU/Linux/13; Suricata: 8.0.1)
|
|
100% - 602535/602535
|
|
3/10/2025 -- 10:25:13 - <Info> -- Done.
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/app-layer-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/decoder-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dhcp-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dnp3-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dns-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/files.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http2-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ipsec-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/kerberos-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/modbus-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/mqtt-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/nfs-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ntp-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/quic-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/rfb-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smb-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smtp-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ssh-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/stream-events.rules
|
|
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/tls-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/app-layer-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/decoder-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/dhcp-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/dnp3-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/dns-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/files.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/http-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/http2-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/ipsec-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/kerberos-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/modbus-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/mqtt-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/nfs-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/ntp-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/quic-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/rfb-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/smb-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/smtp-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/ssh-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/stream-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/tls-events.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_AGENT_TESLA_FQDN.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_AGENT_TESLA_IP.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_APT31_IP.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_ASYNCRAT_FQDN.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_ASYNCRAT_IP.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_AZORULT.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_BAZAR_KEGTAP_FQDN.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_BAZAR_KEGTAP_IP.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_BLACKCAT_IP.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_BLACKWORM_RAT_IP.rules
|
|
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_COBALT_STRIKE_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_CRYPTBOT_FQDN.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_DOPPELPAYMER_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_DRIDEX_FQDN.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_DRIDEX_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_DRIDEX_URI.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_EGREGOR_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_EMOTET_FQDN.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_EMOTET_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_EVILNUM_FQDN.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_EVILNUM_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_EXPLOIT.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_FIN7_FQDN.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_FIN7_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_FIN8_FQDN.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_FINFISHER_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_GMERA_FQDN.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_GMERA_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_GOZI_FQDN.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_GRAVITYRAT_FQDN.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_HAWKEYE_FQDN.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_HAWKEYE_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_LATERAL_MOVEMENT.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_LEAKS.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_LIMERAT_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_LOCKBIT_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_LOCKEAN_FQDN.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_LOCKEAN_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_LOG4SHELL_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_LOKI_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_MALWARES.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_MATA_FQDN.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_MATA_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_MAZE_FQDN.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_MAZE_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_MEKOTIO_USER_AGENT.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_MISC.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_NANOCORE_FQDN.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_NANOCORE_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_NJRAT_FQDN.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_NJRAT_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_NOBELIUM_FQDN.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_NOBELIUM_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_PHISHING.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_QAKBOT_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_RAGNARLOCKER_IP.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_REVENGE_FQDN.rules
|
|
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_REVIL_SODINOKIBI_FQDN.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_REVIL_SODINOKIBI_IP.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_REVIL_SODINOKIBI_TLS.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_RYUK_FQDN.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_RYUK_IP.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_SDBBOT_FQDN.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_SDBBOT_IP.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_SEKHMET_IP.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_SILENCE_IP.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_SPALAX_IP.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_SPECIAL_DOMAIN_EXTENSIONS.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_TA505_FQDN.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_TA505_IP.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_TA551_FQDN.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_TERRALOADER_FQDN.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_TRICKBOT_FQDN.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_TRICKBOT_IP.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_TRICKBOT_URI.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_UNC1878_FQDN.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_UNC1878_IP.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_UNC2447_FQDN.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_UNC2447_IP.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_VADOKRIST_IP.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_VULN.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_WANNACRY_FQDN.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_WANNACRY_IP.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_WANNAMINE_FQDN.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_WANNAMINE_IP.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_XDSPY_FQDN.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_ZLOADER_FQDN.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_ZLOADER_IP.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_ZLOADER_URI.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 4957b48725f05dd2b17ad979082ae355/feodotracker.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/botcc.portgrouped.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/botcc.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/ciarmy.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/compromised.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/drop.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/dshield.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-activex.rules
|
|
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-adware_pup.rules
|
|
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-attack_response.rules
|
|
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-chat.rules
|
|
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-coinminer.rules
|
|
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-current_events.rules
|
|
3/10/2025 -- 10:25:16 - <Info> -- Ignoring file 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-deleted.rules
|
|
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-dns.rules
|
|
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-dos.rules
|
|
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-dyn_dns.rules
|
|
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-exploit.rules
|
|
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-exploit_kit.rules
|
|
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-file_sharing.rules
|
|
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-ftp.rules
|
|
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-games.rules
|
|
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-hunting.rules
|
|
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-icmp.rules
|
|
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-imap.rules
|
|
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-inappropriate.rules
|
|
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-info.rules
|
|
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-ja3.rules
|
|
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-malware.rules
|
|
3/10/2025 -- 10:25:20 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-misc.rules
|
|
3/10/2025 -- 10:25:20 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-mobile_malware.rules
|
|
3/10/2025 -- 10:25:20 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-netbios.rules
|
|
3/10/2025 -- 10:25:20 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-p2p.rules
|
|
3/10/2025 -- 10:25:20 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-phishing.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-pop3.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-remote_access.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-retired.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-rpc.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-scada.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-scan.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-shellcode.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-smtp.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-snmp.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-sql.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-ta_abused_services.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-telnet.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-tftp.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-user_agents.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-voip.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-web_client.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-web_server.rules
|
|
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-web_specific_apps.rules
|
|
3/10/2025 -- 10:25:22 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-worm.rules
|
|
3/10/2025 -- 10:25:22 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/threatview_CS_c2.rules
|
|
3/10/2025 -- 10:25:22 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/tor.rules
|
|
3/10/2025 -- 10:25:22 - <Debug> -- Parsing f7dd9f71b7cbf676a4fe9305ef31f1d4/urlhaus_suricata.rules
|
|
3/10/2025 -- 10:25:26 - <Info> -- Loaded 113491 rules.
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2200073] SURICATA IPv4 invalid checksum
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2200074] SURICATA TCPv4 invalid checksum
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2200075] SURICATA UDPv4 invalid checksum
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2200076] SURICATA ICMPv4 invalid checksum
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2200077] SURICATA TCPv6 invalid checksum
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2200078] SURICATA UDPv6 invalid checksum
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2200079] SURICATA ICMPv6 invalid checksum
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2270000] SURICATA DNP3 Request flood detected
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2270001] SURICATA DNP3 Length too small
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2270002] SURICATA DNP3 Bad link CRC
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2270003] SURICATA DNP3 Bad transport CRC
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2270004] SURICATA DNP3 Unknown object
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2250001] SURICATA Modbus invalid Protocol version
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2250002] SURICATA Modbus unsolicited response
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2250003] SURICATA Modbus invalid Length
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2250005] SURICATA Modbus invalid Function code
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2250006] SURICATA Modbus invalid Value
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2250007] SURICATA Modbus Exception code invalid
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2250008] SURICATA Modbus Data mismatch
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2250009] SURICATA Modbus Request flood detected
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210000] SURICATA STREAM 3way handshake with ack in wrong dir
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210001] SURICATA STREAM 3way handshake async wrong sequence
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210002] SURICATA STREAM 3way handshake right seq wrong ack evasion
|
|
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210003] SURICATA STREAM 3way handshake SYNACK in wrong direction
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210004] SURICATA STREAM 3way handshake SYNACK resend with different ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210005] SURICATA STREAM 3way handshake SYNACK resend with different seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210006] SURICATA STREAM 3way handshake SYNACK to server on SYN recv
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210007] SURICATA STREAM 3way handshake SYNACK with wrong ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210055] SURICATA STREAM 3way handshake excessive different SYN/ACKs
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210064] SURICATA STREAM 3way handshake SYN/ACK ignored TFO data
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210063] SURICATA STREAM 3way handshake excessive different SYNs
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210008] SURICATA STREAM 3way handshake SYN resend different seq on SYN recv
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210009] SURICATA STREAM 3way handshake SYN to client on SYN recv
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210010] SURICATA STREAM 3way handshake wrong seq wrong ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210057] SURICATA STREAM 3way handshake toclient data injection suspected
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210011] SURICATA STREAM 4way handshake SYNACK with wrong ACK
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210012] SURICATA STREAM 4way handshake SYNACK with wrong SYN
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210013] SURICATA STREAM 4way handshake wrong seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210014] SURICATA STREAM 4way handshake invalid ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210015] SURICATA STREAM CLOSEWAIT ACK out of window
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210016] SURICATA STREAM CLOSEWAIT FIN out of window
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210017] SURICATA STREAM CLOSEWAIT invalid ACK
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210018] SURICATA STREAM CLOSING ACK wrong seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210019] SURICATA STREAM CLOSING invalid ACK
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210020] SURICATA STREAM ESTABLISHED packet out of window
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210022] SURICATA STREAM ESTABLISHED SYNACK resend
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210023] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210024] SURICATA STREAM ESTABLISHED SYNACK resend with different seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210025] SURICATA STREAM ESTABLISHED SYNACK to server
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210026] SURICATA STREAM ESTABLISHED SYN resend
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210027] SURICATA STREAM ESTABLISHED SYN resend with different seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210028] SURICATA STREAM ESTABLISHED SYN to client
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210029] SURICATA STREAM ESTABLISHED invalid ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210030] SURICATA STREAM FIN invalid ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210031] SURICATA STREAM FIN1 ack with wrong seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210032] SURICATA STREAM FIN1 FIN with wrong seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210033] SURICATA STREAM FIN1 invalid ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210034] SURICATA STREAM FIN2 ack with wrong seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210035] SURICATA STREAM FIN2 FIN with wrong seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210036] SURICATA STREAM FIN2 invalid ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210038] SURICATA STREAM FIN out of window
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210039] SURICATA STREAM Last ACK with wrong seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210040] SURICATA STREAM Last ACK invalid ACK
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210042] SURICATA STREAM TIMEWAIT ACK with wrong seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210043] SURICATA STREAM TIMEWAIT invalid ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210044] SURICATA STREAM Packet with invalid timestamp
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210045] SURICATA STREAM Packet with invalid ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210046] SURICATA STREAM SHUTDOWN RST invalid ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210050] SURICATA STREAM reassembly overlap with different data
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210056] SURICATA STREAM bad window update
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210058] SURICATA STREAM suspected RST injection
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210021] SURICATA STREAM ESTABLISHED retransmission packet before last ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210052] SURICATA STREAM CLOSEWAIT retransmission packet before last ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210047] SURICATA STREAM reassembly segment before base seq (retransmission)
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210053] SURICATA STREAM Packet is retransmission
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210054] SURICATA STREAM excessive retransmissions
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210059] SURICATA STREAM pkt seen on wrong thread
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210060] SURICATA STREAM FIN SYN reuse
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210066] SURICATA STREAM urgent OOB limit reached
3/10/2025 -- 10:25:30 - <Debug> -- Disabling: [1:3300337] πΎ - β FTP password β‘ sended in clear text π - Leak π±
3/10/2025 -- 10:25:30 - <Debug> -- Disabling: [1:3300338] πΎ - β FTP password β‘ sended in clear text π - Leak π±
3/10/2025 -- 10:25:30 - <Debug> -- Disabling: [1:3300410] πΎ - β DNS Request π - pcloud.com - File Sharing solution π - Possible Leak π±
3/10/2025 -- 10:25:30 - <Debug> -- Disabling: [1:3300414] πΎ - β DNS Request π - dropbox.com - File Sharing solution π - Possible Leak π±
3/10/2025 -- 10:25:30 - <Debug> -- Disabling: [1:3300493] πΎ - β DNS Request π - onedrive.live.com - Data Sharing solution π - Possible Leak π±
3/10/2025 -- 10:25:33 - <Debug> -- Disabling: [1:3312667] πΎ - β DNS Request π to suspicious domain - possible DHL phishing π£
3/10/2025 -- 10:25:35 - <Debug> -- Disabling: [1:3300997] πΎ - π DNS request π to .xxx π―π extension
3/10/2025 -- 10:25:35 - <Debug> -- Disabling: [1:3301003] πΎ - π DNS request π to .one β extension
3/10/2025 -- 10:25:35 - <Debug> -- Disabling: [1:3301007] πΎ - π DNS request π to .hk ππ° extension
3/10/2025 -- 10:25:35 - <Debug> -- Disabling: [1:3301020] πΎ - π DNS request π to .fit π€Έ extension
3/10/2025 -- 10:25:36 - <Debug> -- Disabling: [1:3317444] πΎ - π¨ Outgoing connection to an IP address seen in π Conti Ransomware Leak
3/10/2025 -- 10:25:38 - <Debug> -- Disabling: [1:3300149] πΎ - π¨ MDNS protocol π€ in use - Multicast query observed
3/10/2025 -- 10:25:38 - <Debug> -- Disabling: [1:3300153] πΎ - π¨ MDNS for TCP service π€ in use - Multicast query observed
3/10/2025 -- 10:25:38 - <Debug> -- Disabling: [1:3300154] πΎ - π¨ MDNS for UDP service π€ in use - Multicast query observed
3/10/2025 -- 10:25:38 - <Debug> -- Disabling: [1:3300164] πΎ - π¨ APT package management π§ TLSv1.3
3/10/2025 -- 10:25:38 - <Debug> -- Disabling: [1:3301102] πΎ - π¨ Powershell π (Windows πͺ) - TLSv1.2 connection to FQDN
3/10/2025 -- 10:25:38 - <Debug> -- Disabling: [1:3301086] πΎ - π¨ Powershell π (Windows 11 πͺ) - TLSv1.2 connection to FQDN
3/10/2025 -- 10:25:38 - <Debug> -- Disabling: [1:3300246] πΎ - π¨ TLS1.0 π connection observerd
3/10/2025 -- 10:25:38 - <Debug> -- Disabling: [1:3300303] πΎ - π¨ Suspicious π HTTP trafic on unusual HTTP port
3/10/2025 -- 10:25:40 - <Debug> -- Enabling: # [1:2027759] ET DNS Query for .co TLD
3/10/2025 -- 10:25:50 - <Debug> -- Disabling: [1:2027177] ET INFO Command Shell Activity Over SMB - Possible Lateral Movement
3/10/2025 -- 10:25:50 - <Debug> -- Enabling: # [1:2019982] ET INFO DNS Query to .onion proxy Domain (way2tor)
3/10/2025 -- 10:25:50 - <Debug> -- Enabling: # [1:2020125] ET INFO DNS Query to .onion proxy Domain (tor4life.com)
3/10/2025 -- 10:25:50 - <Debug> -- Disabling: [1:2013504] ET INFO GNU/Linux APT User-Agent Outbound likely related to package management
3/10/2025 -- 10:25:50 - <Debug> -- Disabling: [1:2030518] ET INFO HTTP POST Request to Suspicious *.ma Domain
3/10/2025 -- 10:25:50 - <Debug> -- Disabling: [1:2012522] ET INFO DNS Query For XXX Adult Site Top Level Domain
3/10/2025 -- 10:25:50 - <Debug> -- Enabling: # [1:2029834] ET INFO Observed DNS Query to KnowBe4 Simulated Phish Domain
3/10/2025 -- 10:25:50 - <Debug> -- Enabling: # [1:2011407] ET INFO DNS Query for Suspicious .com.ru Domain
3/10/2025 -- 10:25:50 - <Debug> -- Enabling: # [1:2011408] ET INFO DNS Query for Suspicious .com.cn Domain
3/10/2025 -- 10:25:50 - <Debug> -- Enabling: # [1:2011411] ET INFO DNS Query for Suspicious .co.kr Domain
3/10/2025 -- 10:25:50 - <Debug> -- Enabling: # [1:2027865] ET INFO Observed DNS Query to .cloud TLD
3/10/2025 -- 10:25:50 - <Debug> -- Enabling: # [1:2027874] ET INFO HTTP Request to Suspicious *.cloud Domain
3/10/2025 -- 10:25:51 - <Debug> -- Enabling: # [1:2045780] ET INFO Observed DNS Query to .win TLD
3/10/2025 -- 10:25:51 - <Debug> -- Disabling: [1:2050127] ET INFO DNS Query to Online Application Hosting Domain (onrender .com)
3/10/2025 -- 10:25:51 - <Debug> -- Enabling: # [1:2014508] ET INFO DNS Query to a *.slyip.net Dynamic DNS Domain
3/10/2025 -- 10:25:51 - <Debug> -- Disabling: [1:2050736] ET INFO Tencent Cloud Storage Domain in DNS Lookup (myqcloud .com)
3/10/2025 -- 10:25:51 - <Debug> -- Enabling: # [1:2012321] ET INFO HTTP Request to a *.cx.cc domain
3/10/2025 -- 10:25:51 - <Debug> -- Enabling: # [1:2027872] ET INFO HTTP Request to Suspicious *.biz Domain
3/10/2025 -- 10:25:51 - <Debug> -- Enabling: # [1:2023873] ET INFO DNS Query to Hamas Terrorist Propaganda TV Channel (aqsatv .ps)
3/10/2025 -- 10:25:51 - <Debug> -- Disabling: [1:2030205] ET INFO HTTP Request for ISO File Direct to IP
3/10/2025 -- 10:25:51 - <Debug> -- Enabling: # [1:2015576] ET INFO DNS Query to .onion proxy Domain (tor2web)
3/10/2025 -- 10:25:51 - <Debug> -- Enabling: # [1:2018876] ET INFO DNS Query to .onion proxy Domain (onion.cab)
3/10/2025 -- 10:25:51 - <Debug> -- Disabling: [1:2056212] ET INFO Internet Printing Protocol (IPP) Get-Printer-Attributes Outbound Request
3/10/2025 -- 10:25:53 - <Debug> -- Enabling: # [1:2053723] ET INFO DYNAMIC_DNS Query to a *.dyndns-at-home .com Domain
3/10/2025 -- 10:25:53 - <Debug> -- Enabling: # [1:2053724] ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-at-home .com Domain
3/10/2025 -- 10:25:53 - <Debug> -- Disabling: [1:2063117] ET INFO Abused Hosting Domain in DNS Lookup (azurewebsites .net)
3/10/2025 -- 10:26:44 - <Info> -- Disabled 107 rules.
3/10/2025 -- 10:26:44 - <Info> -- Enabled 18 rules.
3/10/2025 -- 10:26:44 - <Info> -- Modified 6 rules.
3/10/2025 -- 10:26:44 - <Info> -- Dropped 103893 rules.
3/10/2025 -- 10:26:44 - <Debug> -- Checking flowbits for pass 1 of rules.
3/10/2025 -- 10:26:44 - <Debug> -- Found 380 required flowbits.
3/10/2025 -- 10:26:44 - <Debug> -- Found 136 rules to enable for flowbit requirements (pass 1)
3/10/2025 -- 10:26:44 - <Debug> -- Checking flowbits for pass 2 of rules.
3/10/2025 -- 10:26:44 - <Debug> -- Found 381 required flowbits.
3/10/2025 -- 10:26:45 - <Debug> -- Found 0 rules to enable for flowbit requirements (pass 2)
3/10/2025 -- 10:26:45 - <Debug> -- All required rules enabled.
3/10/2025 -- 10:26:45 - <Info> -- Enabled 136 rules for flowbit dependencies.
3/10/2025 -- 10:26:45 - <Info> -- Backing up current rules.
3/10/2025 -- 10:26:45 - <Debug> -- Recording existing file /var/lib/suricata/rules/suricata.rules with hash '928e0194ecfffac77111e160f412980b'.
3/10/2025 -- 10:27:00 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 113491; enabled: 97618; added: 11; removed 0; modified: 7945
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_red_flag_domains.lst to /var/lib/suricata/rules/datasets/789a2b835a8844296efb9a037523d3bf
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_red_flag_domains.lst to /var/lib/suricata/rules/datasets/789a2b835a8844296efb9a037523d3bf
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_red_flag_domains.lst to /var/lib/suricata/rules/datasets/789a2b835a8844296efb9a037523d3bf
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_openphish.lst to /var/lib/suricata/rules/datasets/3e6c5358aa5d6f6d3a0887e3b4cd0814
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_openphish.lst to /var/lib/suricata/rules/datasets/3e6c5358aa5d6f6d3a0887e3b4cd0814
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_openphish.lst to /var/lib/suricata/rules/datasets/3e6c5358aa5d6f6d3a0887e3b4cd0814
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_phishstats.lst to /var/lib/suricata/rules/datasets/eeab26fc22636fd972976e118d196f8f
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_phishstats.lst to /var/lib/suricata/rules/datasets/eeab26fc22636fd972976e118d196f8f
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_phishstats.lst to /var/lib/suricata/rules/datasets/eeab26fc22636fd972976e118d196f8f
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_nrd_phishing_14day.lst to /var/lib/suricata/rules/datasets/34c3ba3122e512820052a1f2ba1e6c2f
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_nrd_phishing_14day.lst to /var/lib/suricata/rules/datasets/34c3ba3122e512820052a1f2ba1e6c2f
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_nrd_phishing_14day.lst to /var/lib/suricata/rules/datasets/34c3ba3122e512820052a1f2ba1e6c2f
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_chrome_l.lst to /var/lib/suricata/rules/datasets/8bbcff8e1b540c8e20b65d20a44a3252
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_chrome_w.lst to /var/lib/suricata/rules/datasets/ea8ac6bf247f409e8ef8a0abd07cdf37
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_chrome_w32.lst to /var/lib/suricata/rules/datasets/1cfec84d82bdb0d4c44ce4767a79f211
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_chrome_m.lst to /var/lib/suricata/rules/datasets/fc7f1bf3299c2df56456a195f07f08f9
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_firefox_w.lst to /var/lib/suricata/rules/datasets/ebc5c6abfc73569a2a3778803b538738
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_firefox_l.lst to /var/lib/suricata/rules/datasets/60f0a25e6ae1dd3376b68840cc16ce22
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_firefox_m.lst to /var/lib/suricata/rules/datasets/fa6b492d74837057bddce3ca8bdb1774
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_thunderbird_w.lst to /var/lib/suricata/rules/datasets/7525eeb78c73dadb502f26e6d435ce80
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_thunderbird_l.lst to /var/lib/suricata/rules/datasets/d7fa85b0bbb522ff2fe857ff25e0ba78
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_thunderbird_m.lst to /var/lib/suricata/rules/datasets/aba47376d20c6b1c9aa9daf84942c31c
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_edge_w.lst to /var/lib/suricata/rules/datasets/adcf3efb23307665b749424ab64825fc
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_putty.lst to /var/lib/suricata/rules/datasets/e01ec07296517c72dae5443f651dc1e3
Traceback (most recent call last):
File "/bin/suricata-update", line 36, in <module>
sys.exit(main.main())
~~~~~~~~~^^
File "/usr/lib/suricata/python/suricata/update/main.py", line 1428, in main
sys.exit(_main())
~~~~~^^
File "/usr/lib/suricata/python/suricata/update/main.py", line 1356, in _main
write_merged(os.path.join(output_filename), rulemap, dep_files)
~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/suricata/python/suricata/update/main.py", line 573, in write_merged
reformatted = handle_dataset_files(rule, dep_files)
File "/usr/lib/suricata/python/suricata/update/main.py", line 469, in handle_dataset_files
prefix = os.path.dirname(rule.group)
File "<frozen posixpath>", line 178, in dirname
TypeError: expected str, bytes or os.PathLike object, not NoneType
root@iNetSrv01:~#