Bug #7972 » 2025 10 03 - log.txt

With suricata-update v1.3.6 - François RAPIN, 10/03/2025 08:57 AM

 
With suricata-update v1.3.6

3/10/2025 -- 10:25:10 - <Debug> -- This is suricata-update version 1.3.6 (rev: None); Python: 3.13.5 (main, Jun 25 2025, 18:55:22) [GCC 14.2.0]
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value subcommand -> update
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value verbose -> True
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value version -> False
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value show-advanced -> False
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value force -> False
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value url -> []
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value no-ignore -> False
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value dump-sample-configs -> False
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value etopen -> False
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value no-reload -> False
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value no-merge -> False
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value offline -> False
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value fail -> False
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value now -> False
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value disable -> False
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value enable -> False
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value modify -> False
3/10/2025 -- 10:25:10 - <Debug> -- Setting configuration value drop -> False
3/10/2025 -- 10:25:10 - <Debug> -- Found suricata at /bin/suricata
3/10/2025 -- 10:25:10 - <Info> -- Using data-directory /var/lib/suricata.
3/10/2025 -- 10:25:10 - <Debug> -- Looking for /etc/suricata/disable.conf
3/10/2025 -- 10:25:10 - <Debug> -- Found /etc/suricata/disable.conf
3/10/2025 -- 10:25:10 - <Debug> -- Using /etc/suricata/disable.conf for disable-conf
3/10/2025 -- 10:25:10 - <Debug> -- Looking for /etc/suricata/enable.conf
3/10/2025 -- 10:25:10 - <Debug> -- Found /etc/suricata/enable.conf
3/10/2025 -- 10:25:10 - <Debug> -- Using /etc/suricata/enable.conf for enable-conf
3/10/2025 -- 10:25:10 - <Debug> -- Looking for /etc/suricata/drop.conf
3/10/2025 -- 10:25:10 - <Debug> -- Found /etc/suricata/drop.conf
3/10/2025 -- 10:25:10 - <Debug> -- Using /etc/suricata/drop.conf for drop-conf
3/10/2025 -- 10:25:10 - <Debug> -- Looking for /etc/suricata/modify.conf
3/10/2025 -- 10:25:10 - <Debug> -- Found /etc/suricata/modify.conf
3/10/2025 -- 10:25:10 - <Debug> -- Using /etc/suricata/modify.conf for modify-conf
3/10/2025 -- 10:25:10 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
3/10/2025 -- 10:25:10 - <Info> -- Using /usr/share/suricata/rules for Suricata provided rules.
3/10/2025 -- 10:25:10 - <Info> -- Found Suricata version 8.0.1 at /bin/suricata.
3/10/2025 -- 10:25:10 - <Info> -- Loading /etc/suricata/disable.conf.
3/10/2025 -- 10:25:10 - <Debug> -- Parsing group matcher: group:stream-events.rules
3/10/2025 -- 10:25:10 - <Info> -- Loading /etc/suricata/enable.conf.
3/10/2025 -- 10:25:10 - <Info> -- Loading /etc/suricata/modify.conf.
3/10/2025 -- 10:25:10 - <Info> -- Loading /etc/suricata/drop.conf.
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:ANSSI
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:checkpoint
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:cisco
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:corelight
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:cylera
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:fingerprint
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:FireEye
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:Juniper
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:Linksys
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:Netgear
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:Orange
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:ProofPoint
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:attempted-dos
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:coin-mining
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:command-and-control
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:denial-of-service
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:domain-c2
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:exploit-kit
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:external-ip-check
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:network-scan
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:successful-dos
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:trojan-activity
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:classtype:web-application-attack
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:CVE
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:gouv.fr
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:mitre_technique_id
3/10/2025 -- 10:25:10 - <Debug> -- Parsing regex matcher: re:pipedream.net
3/10/2025 -- 10:25:10 - <Info> -- Loading /etc/suricata/suricata.yaml
3/10/2025 -- 10:25:10 - <Info> -- Disabling rules for protocol pgsql
3/10/2025 -- 10:25:10 - <Info> -- Disabling rules for protocol modbus
3/10/2025 -- 10:25:10 - <Info> -- Disabling rules for protocol dnp3
3/10/2025 -- 10:25:10 - <Info> -- Disabling rules for protocol enip
3/10/2025 -- 10:25:10 - <Debug> -- Loading source specification file /var/lib/suricata/update/sources/pawpatrules.yaml
3/10/2025 -- 10:25:10 - <Debug> -- Loading source specification file /var/lib/suricata/update/sources/abuse.ch-urlhaus.yaml
3/10/2025 -- 10:25:10 - <Debug> -- Loading source specification file /var/lib/suricata/update/sources/abuse.ch-feodotracker.yaml
3/10/2025 -- 10:25:10 - <Debug> -- Loading source specification file /var/lib/suricata/update/sources/et-open.yaml
3/10/2025 -- 10:25:10 - <Debug> -- Resolved source pawpatrules to URL https://rules.pawpatrules.fr/suricata/paw-patrules.tar.gz.
3/10/2025 -- 10:25:10 - <Debug> -- Resolved source abuse.ch/urlhaus to URL https://urlhaus.abuse.ch/downloads/urlhaus_suricata.tar.gz.
3/10/2025 -- 10:25:10 - <Debug> -- Resolved source abuse.ch/feodotracker to URL https://feodotracker.abuse.ch/downloads/feodotracker.tar.gz.
3/10/2025 -- 10:25:10 - <Debug> -- Resolved source et/open to URL https://rules.emergingthreats.net/open/suricata-8.0.1/emerging.rules.tar.gz.
3/10/2025 -- 10:25:10 - <Info> -- Fetching https://urlhaus.abuse.ch/downloads/urlhaus_suricata.tar.gz.
3/10/2025 -- 10:25:10 - <Debug> -- Setting HTTP User-Agent to Suricata-Update/1.3.6 (OS: Linux; CPU: x86_64; Python: 3.13.5; Dist: Debian GNU/Linux/13; Suricata: 8.0.1)
100% - 696439/696439
3/10/2025 -- 10:25:11 - <Info> -- Done.
3/10/2025 -- 10:25:11 - <Info> -- Fetching https://feodotracker.abuse.ch/downloads/feodotracker.tar.gz.
3/10/2025 -- 10:25:11 - <Debug> -- Setting HTTP User-Agent to Suricata-Update/1.3.6 (OS: Linux; CPU: x86_64; Python: 3.13.5; Dist: Debian GNU/Linux/13; Suricata: 8.0.1)
100% - 549/549
3/10/2025 -- 10:25:11 - <Info> -- Done.
3/10/2025 -- 10:25:11 - <Info> -- Checking https://rules.emergingthreats.net/open/suricata-8.0.1/emerging.rules.tar.gz.md5.
3/10/2025 -- 10:25:11 - <Debug> -- Setting HTTP User-Agent to Suricata-Update/1.3.6 (OS: Linux; CPU: x86_64; Python: 3.13.5; Dist: Debian GNU/Linux/13; Suricata: 8.0.1)
3/10/2025 -- 10:25:11 - <Debug> -- Local checksum=|cb678a564d5856c0f76597c73e18fe7b|; remote checksum=|5b749c4665dab0d04b3c637460b7943e|
3/10/2025 -- 10:25:11 - <Info> -- Fetching https://rules.emergingthreats.net/open/suricata-8.0.1/emerging.rules.tar.gz.
3/10/2025 -- 10:25:11 - <Debug> -- Setting HTTP User-Agent to Suricata-Update/1.3.6 (OS: Linux; CPU: x86_64; Python: 3.13.5; Dist: Debian GNU/Linux/13; Suricata: 8.0.1)
100% - 5099200/5099200
3/10/2025 -- 10:25:12 - <Info> -- Done.
3/10/2025 -- 10:25:13 - <Info> -- Fetching https://rules.pawpatrules.fr/suricata/paw-patrules.tar.gz.
3/10/2025 -- 10:25:13 - <Debug> -- Setting HTTP User-Agent to Suricata-Update/1.3.6 (OS: Linux; CPU: x86_64; Python: 3.13.5; Dist: Debian GNU/Linux/13; Suricata: 8.0.1)
100% - 602535/602535
3/10/2025 -- 10:25:13 - <Info> -- Done.
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/app-layer-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/decoder-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dhcp-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dnp3-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dns-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/files.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http2-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ipsec-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/kerberos-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/modbus-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/mqtt-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/nfs-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ntp-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/quic-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/rfb-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smb-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smtp-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ssh-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/stream-events.rules
3/10/2025 -- 10:25:13 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/tls-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/app-layer-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/decoder-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/dhcp-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/dnp3-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/dns-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/files.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/http-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/http2-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/ipsec-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/kerberos-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/modbus-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/mqtt-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/nfs-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/ntp-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/quic-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/rfb-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/smb-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/smtp-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/ssh-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/stream-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing /usr/share/suricata/rules/tls-events.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_AGENT_TESLA_FQDN.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_AGENT_TESLA_IP.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_APT31_IP.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_ASYNCRAT_FQDN.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_ASYNCRAT_IP.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_AZORULT.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_BAZAR_KEGTAP_FQDN.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_BAZAR_KEGTAP_IP.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_BLACKCAT_IP.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_BLACKWORM_RAT_IP.rules
3/10/2025 -- 10:25:13 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_COBALT_STRIKE_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_CRYPTBOT_FQDN.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_DOPPELPAYMER_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_DRIDEX_FQDN.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_DRIDEX_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_DRIDEX_URI.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_EGREGOR_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_EMOTET_FQDN.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_EMOTET_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_EVILNUM_FQDN.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_EVILNUM_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_EXPLOIT.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_FIN7_FQDN.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_FIN7_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_FIN8_FQDN.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_FINFISHER_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_GMERA_FQDN.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_GMERA_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_GOZI_FQDN.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_GRAVITYRAT_FQDN.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_HAWKEYE_FQDN.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_HAWKEYE_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_LATERAL_MOVEMENT.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_LEAKS.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_LIMERAT_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_LOCKBIT_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_LOCKEAN_FQDN.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_LOCKEAN_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_LOG4SHELL_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_LOKI_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_MALWARES.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_MATA_FQDN.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_MATA_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_MAZE_FQDN.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_MAZE_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_MEKOTIO_USER_AGENT.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_MISC.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_NANOCORE_FQDN.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_NANOCORE_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_NJRAT_FQDN.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_NJRAT_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_NOBELIUM_FQDN.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_NOBELIUM_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_PHISHING.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_QAKBOT_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_RAGNARLOCKER_IP.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_REVENGE_FQDN.rules
3/10/2025 -- 10:25:14 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_REVIL_SODINOKIBI_FQDN.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_REVIL_SODINOKIBI_IP.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_REVIL_SODINOKIBI_TLS.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_RYUK_FQDN.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_RYUK_IP.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_SDBBOT_FQDN.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_SDBBOT_IP.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_SEKHMET_IP.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_SILENCE_IP.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_SPALAX_IP.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_SPECIAL_DOMAIN_EXTENSIONS.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_TA505_FQDN.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_TA505_IP.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_TA551_FQDN.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_TERRALOADER_FQDN.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_TRICKBOT_FQDN.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_TRICKBOT_IP.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_TRICKBOT_URI.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_UNC1878_FQDN.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_UNC1878_IP.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_UNC2447_FQDN.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_UNC2447_IP.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_VADOKRIST_IP.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_VULN.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_WANNACRY_FQDN.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_WANNACRY_IP.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_WANNAMINE_FQDN.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_WANNAMINE_IP.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_XDSPY_FQDN.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_ZLOADER_FQDN.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_ZLOADER_IP.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 0d24534050aaf2021175379aba13eeb3/rules/PAW-PATRULES_ZLOADER_URI.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 4957b48725f05dd2b17ad979082ae355/feodotracker.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/botcc.portgrouped.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/botcc.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/ciarmy.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/compromised.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/drop.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/dshield.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-activex.rules
3/10/2025 -- 10:25:15 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-adware_pup.rules
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-attack_response.rules
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-chat.rules
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-coinminer.rules
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-current_events.rules
3/10/2025 -- 10:25:16 - <Info> -- Ignoring file 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-deleted.rules
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-dns.rules
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-dos.rules
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-dyn_dns.rules
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-exploit.rules
3/10/2025 -- 10:25:16 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-exploit_kit.rules
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-file_sharing.rules
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-ftp.rules
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-games.rules
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-hunting.rules
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-icmp.rules
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-imap.rules
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-inappropriate.rules
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-info.rules
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-ja3.rules
3/10/2025 -- 10:25:17 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-malware.rules
3/10/2025 -- 10:25:20 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-misc.rules
3/10/2025 -- 10:25:20 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-mobile_malware.rules
3/10/2025 -- 10:25:20 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-netbios.rules
3/10/2025 -- 10:25:20 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-p2p.rules
3/10/2025 -- 10:25:20 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-phishing.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-pop3.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-remote_access.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-retired.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-rpc.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-scada.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-scan.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-shellcode.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-smtp.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-snmp.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-sql.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-ta_abused_services.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-telnet.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-tftp.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-user_agents.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-voip.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-web_client.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-web_server.rules
3/10/2025 -- 10:25:21 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-web_specific_apps.rules
3/10/2025 -- 10:25:22 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/emerging-worm.rules
3/10/2025 -- 10:25:22 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/threatview_CS_c2.rules
3/10/2025 -- 10:25:22 - <Debug> -- Parsing 7b26068ce7bef3a8830c5227122c8e0d/rules/tor.rules
3/10/2025 -- 10:25:22 - <Debug> -- Parsing f7dd9f71b7cbf676a4fe9305ef31f1d4/urlhaus_suricata.rules
3/10/2025 -- 10:25:26 - <Info> -- Loaded 113491 rules.
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2200073] SURICATA IPv4 invalid checksum
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2200074] SURICATA TCPv4 invalid checksum
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2200075] SURICATA UDPv4 invalid checksum
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2200076] SURICATA ICMPv4 invalid checksum
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2200077] SURICATA TCPv6 invalid checksum
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2200078] SURICATA UDPv6 invalid checksum
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2200079] SURICATA ICMPv6 invalid checksum
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2270000] SURICATA DNP3 Request flood detected
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2270001] SURICATA DNP3 Length too small
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2270002] SURICATA DNP3 Bad link CRC
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2270003] SURICATA DNP3 Bad transport CRC
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2270004] SURICATA DNP3 Unknown object
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2250001] SURICATA Modbus invalid Protocol version
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2250002] SURICATA Modbus unsolicited response
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2250003] SURICATA Modbus invalid Length
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2250005] SURICATA Modbus invalid Function code
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2250006] SURICATA Modbus invalid Value
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2250007] SURICATA Modbus Exception code invalid
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2250008] SURICATA Modbus Data mismatch
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2250009] SURICATA Modbus Request flood detected
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210000] SURICATA STREAM 3way handshake with ack in wrong dir
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210001] SURICATA STREAM 3way handshake async wrong sequence
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210002] SURICATA STREAM 3way handshake right seq wrong ack evasion
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210003] SURICATA STREAM 3way handshake SYNACK in wrong direction
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210004] SURICATA STREAM 3way handshake SYNACK resend with different ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210005] SURICATA STREAM 3way handshake SYNACK resend with different seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210006] SURICATA STREAM 3way handshake SYNACK to server on SYN recv
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210007] SURICATA STREAM 3way handshake SYNACK with wrong ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210055] SURICATA STREAM 3way handshake excessive different SYN/ACKs
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210064] SURICATA STREAM 3way handshake SYN/ACK ignored TFO data
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210063] SURICATA STREAM 3way handshake excessive different SYNs
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210008] SURICATA STREAM 3way handshake SYN resend different seq on SYN recv
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210009] SURICATA STREAM 3way handshake SYN to client on SYN recv
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210010] SURICATA STREAM 3way handshake wrong seq wrong ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210057] SURICATA STREAM 3way handshake toclient data injection suspected
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210011] SURICATA STREAM 4way handshake SYNACK with wrong ACK
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210012] SURICATA STREAM 4way handshake SYNACK with wrong SYN
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210013] SURICATA STREAM 4way handshake wrong seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210014] SURICATA STREAM 4way handshake invalid ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210015] SURICATA STREAM CLOSEWAIT ACK out of window
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210016] SURICATA STREAM CLOSEWAIT FIN out of window
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210017] SURICATA STREAM CLOSEWAIT invalid ACK
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210018] SURICATA STREAM CLOSING ACK wrong seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210019] SURICATA STREAM CLOSING invalid ACK
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210020] SURICATA STREAM ESTABLISHED packet out of window
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210022] SURICATA STREAM ESTABLISHED SYNACK resend
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210023] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210024] SURICATA STREAM ESTABLISHED SYNACK resend with different seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210025] SURICATA STREAM ESTABLISHED SYNACK to server
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210026] SURICATA STREAM ESTABLISHED SYN resend
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210027] SURICATA STREAM ESTABLISHED SYN resend with different seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210028] SURICATA STREAM ESTABLISHED SYN to client
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210029] SURICATA STREAM ESTABLISHED invalid ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210030] SURICATA STREAM FIN invalid ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210031] SURICATA STREAM FIN1 ack with wrong seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210032] SURICATA STREAM FIN1 FIN with wrong seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210033] SURICATA STREAM FIN1 invalid ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210034] SURICATA STREAM FIN2 ack with wrong seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210035] SURICATA STREAM FIN2 FIN with wrong seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210036] SURICATA STREAM FIN2 invalid ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210038] SURICATA STREAM FIN out of window
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210039] SURICATA STREAM Last ACK with wrong seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210040] SURICATA STREAM Last ACK invalid ACK
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210042] SURICATA STREAM TIMEWAIT ACK with wrong seq
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210043] SURICATA STREAM TIMEWAIT invalid ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210044] SURICATA STREAM Packet with invalid timestamp
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210045] SURICATA STREAM Packet with invalid ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210046] SURICATA STREAM SHUTDOWN RST invalid ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210050] SURICATA STREAM reassembly overlap with different data
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210056] SURICATA STREAM bad window update
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210058] SURICATA STREAM suspected RST injection
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210021] SURICATA STREAM ESTABLISHED retransmission packet before last ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210052] SURICATA STREAM CLOSEWAIT retransmission packet before last ack
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210047] SURICATA STREAM reassembly segment before base seq (retransmission)
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210053] SURICATA STREAM Packet is retransmission
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210054] SURICATA STREAM excessive retransmissions
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210059] SURICATA STREAM pkt seen on wrong thread
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210060] SURICATA STREAM FIN SYN reuse
3/10/2025 -- 10:25:26 - <Debug> -- Disabling: [1:2210066] SURICATA STREAM urgent OOB limit reached
3/10/2025 -- 10:25:30 - <Debug> -- Disabling: [1:3300337] 🐾 - ⚠ FTP password ➑ sended in clear text πŸ‘€ - Leak 🚱
3/10/2025 -- 10:25:30 - <Debug> -- Disabling: [1:3300338] 🐾 - ⚠ FTP password ➑ sended in clear text πŸ‘€ - Leak 🚱
3/10/2025 -- 10:25:30 - <Debug> -- Disabling: [1:3300410] 🐾 - ⚠ DNS Request 🌐 - pcloud.com - File Sharing solution πŸ—ƒ - Possible Leak 🚱
3/10/2025 -- 10:25:30 - <Debug> -- Disabling: [1:3300414] 🐾 - ⚠ DNS Request 🌐 - dropbox.com - File Sharing solution πŸ—ƒ - Possible Leak 🚱
3/10/2025 -- 10:25:30 - <Debug> -- Disabling: [1:3300493] 🐾 - ⚠ DNS Request 🌐 - onedrive.live.com - Data Sharing solution πŸ—ƒ - Possible Leak 🚱
3/10/2025 -- 10:25:33 - <Debug> -- Disabling: [1:3312667] 🐾 - ☠ DNS Request 🌐 to suspicious domain - possible DHL phishing 🎣
3/10/2025 -- 10:25:35 - <Debug> -- Disabling: [1:3300997] 🐾 - πŸ‘ DNS request 🌐 to .xxx πŸ‘―πŸ”ž extension
3/10/2025 -- 10:25:35 - <Debug> -- Disabling: [1:3301003] 🐾 - πŸ‘ DNS request 🌐 to .one ➊ extension
3/10/2025 -- 10:25:35 - <Debug> -- Disabling: [1:3301007] 🐾 - πŸ‘ DNS request 🌐 to .hk πŸ‡­πŸ‡° extension
3/10/2025 -- 10:25:35 - <Debug> -- Disabling: [1:3301020] 🐾 - πŸ‘ DNS request 🌐 to .fit 🀸 extension
3/10/2025 -- 10:25:36 - <Debug> -- Disabling: [1:3317444] 🐾 - 🚨 Outgoing connection to an IP address seen in πŸ”’ Conti Ransomware Leak
3/10/2025 -- 10:25:38 - <Debug> -- Disabling: [1:3300149] 🐾 - 🚨 MDNS protocol πŸ€• in use - Multicast query observed
3/10/2025 -- 10:25:38 - <Debug> -- Disabling: [1:3300153] 🐾 - 🚨 MDNS for TCP service πŸ€• in use - Multicast query observed
3/10/2025 -- 10:25:38 - <Debug> -- Disabling: [1:3300154] 🐾 - 🚨 MDNS for UDP service πŸ€• in use - Multicast query observed
3/10/2025 -- 10:25:38 - <Debug> -- Disabling: [1:3300164] 🐾 - 🚨 APT package management 🐧 TLSv1.3
3/10/2025 -- 10:25:38 - <Debug> -- Disabling: [1:3301102] 🐾 - 🚨 Powershell 🌐 (Windows πŸͺŸ) - TLSv1.2 connection to FQDN
3/10/2025 -- 10:25:38 - <Debug> -- Disabling: [1:3301086] 🐾 - 🚨 Powershell 🌐 (Windows 11 πŸͺŸ) - TLSv1.2 connection to FQDN
3/10/2025 -- 10:25:38 - <Debug> -- Disabling: [1:3300246] 🐾 - 🚨 TLS1.0 πŸ’” connection observerd
3/10/2025 -- 10:25:38 - <Debug> -- Disabling: [1:3300303] 🐾 - 🚨 Suspicious πŸ‘€ HTTP trafic on unusual HTTP port
3/10/2025 -- 10:25:40 - <Debug> -- Enabling: # [1:2027759] ET DNS Query for .co TLD
3/10/2025 -- 10:25:50 - <Debug> -- Disabling: [1:2027177] ET INFO Command Shell Activity Over SMB - Possible Lateral Movement
3/10/2025 -- 10:25:50 - <Debug> -- Enabling: # [1:2019982] ET INFO DNS Query to .onion proxy Domain (way2tor)
3/10/2025 -- 10:25:50 - <Debug> -- Enabling: # [1:2020125] ET INFO DNS Query to .onion proxy Domain (tor4life.com)
3/10/2025 -- 10:25:50 - <Debug> -- Disabling: [1:2013504] ET INFO GNU/Linux APT User-Agent Outbound likely related to package management
3/10/2025 -- 10:25:50 - <Debug> -- Disabling: [1:2030518] ET INFO HTTP POST Request to Suspicious *.ma Domain
3/10/2025 -- 10:25:50 - <Debug> -- Disabling: [1:2012522] ET INFO DNS Query For XXX Adult Site Top Level Domain
3/10/2025 -- 10:25:50 - <Debug> -- Enabling: # [1:2029834] ET INFO Observed DNS Query to KnowBe4 Simulated Phish Domain
3/10/2025 -- 10:25:50 - <Debug> -- Enabling: # [1:2011407] ET INFO DNS Query for Suspicious .com.ru Domain
3/10/2025 -- 10:25:50 - <Debug> -- Enabling: # [1:2011408] ET INFO DNS Query for Suspicious .com.cn Domain
3/10/2025 -- 10:25:50 - <Debug> -- Enabling: # [1:2011411] ET INFO DNS Query for Suspicious .co.kr Domain
3/10/2025 -- 10:25:50 - <Debug> -- Enabling: # [1:2027865] ET INFO Observed DNS Query to .cloud TLD
3/10/2025 -- 10:25:50 - <Debug> -- Enabling: # [1:2027874] ET INFO HTTP Request to Suspicious *.cloud Domain
3/10/2025 -- 10:25:51 - <Debug> -- Enabling: # [1:2045780] ET INFO Observed DNS Query to .win TLD
3/10/2025 -- 10:25:51 - <Debug> -- Disabling: [1:2050127] ET INFO DNS Query to Online Application Hosting Domain (onrender .com)
3/10/2025 -- 10:25:51 - <Debug> -- Enabling: # [1:2014508] ET INFO DNS Query to a *.slyip.net Dynamic DNS Domain
3/10/2025 -- 10:25:51 - <Debug> -- Disabling: [1:2050736] ET INFO Tencent Cloud Storage Domain in DNS Lookup (myqcloud .com)
3/10/2025 -- 10:25:51 - <Debug> -- Enabling: # [1:2012321] ET INFO HTTP Request to a *.cx.cc domain
3/10/2025 -- 10:25:51 - <Debug> -- Enabling: # [1:2027872] ET INFO HTTP Request to Suspicious *.biz Domain
3/10/2025 -- 10:25:51 - <Debug> -- Enabling: # [1:2023873] ET INFO DNS Query to Hamas Terrorist Propaganda TV Channel (aqsatv .ps)
3/10/2025 -- 10:25:51 - <Debug> -- Disabling: [1:2030205] ET INFO HTTP Request for ISO File Direct to IP
3/10/2025 -- 10:25:51 - <Debug> -- Enabling: # [1:2015576] ET INFO DNS Query to .onion proxy Domain (tor2web)
3/10/2025 -- 10:25:51 - <Debug> -- Enabling: # [1:2018876] ET INFO DNS Query to .onion proxy Domain (onion.cab)
3/10/2025 -- 10:25:51 - <Debug> -- Disabling: [1:2056212] ET INFO Internet Printing Protocol (IPP) Get-Printer-Attributes Outbound Request
3/10/2025 -- 10:25:53 - <Debug> -- Enabling: # [1:2053723] ET INFO DYNAMIC_DNS Query to a *.dyndns-at-home .com Domain
3/10/2025 -- 10:25:53 - <Debug> -- Enabling: # [1:2053724] ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-at-home .com Domain
3/10/2025 -- 10:25:53 - <Debug> -- Disabling: [1:2063117] ET INFO Abused Hosting Domain in DNS Lookup (azurewebsites .net)
3/10/2025 -- 10:26:44 - <Info> -- Disabled 107 rules.
3/10/2025 -- 10:26:44 - <Info> -- Enabled 18 rules.
3/10/2025 -- 10:26:44 - <Info> -- Modified 6 rules.
3/10/2025 -- 10:26:44 - <Info> -- Dropped 103893 rules.
3/10/2025 -- 10:26:44 - <Debug> -- Checking flowbits for pass 1 of rules.
3/10/2025 -- 10:26:44 - <Debug> -- Found 380 required flowbits.
3/10/2025 -- 10:26:44 - <Debug> -- Found 136 rules to enable for flowbit requirements (pass 1)
3/10/2025 -- 10:26:44 - <Debug> -- Checking flowbits for pass 2 of rules.
3/10/2025 -- 10:26:44 - <Debug> -- Found 381 required flowbits.
3/10/2025 -- 10:26:45 - <Debug> -- Found 0 rules to enable for flowbit requirements (pass 2)
3/10/2025 -- 10:26:45 - <Debug> -- All required rules enabled.
3/10/2025 -- 10:26:45 - <Info> -- Enabled 136 rules for flowbit dependencies.
3/10/2025 -- 10:26:45 - <Info> -- Backing up current rules.
3/10/2025 -- 10:26:45 - <Debug> -- Recording existing file /var/lib/suricata/rules/suricata.rules with hash '928e0194ecfffac77111e160f412980b'.
3/10/2025 -- 10:27:00 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 113491; enabled: 97618; added: 11; removed 0; modified: 7945
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_red_flag_domains.lst to /var/lib/suricata/rules/datasets/789a2b835a8844296efb9a037523d3bf
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_red_flag_domains.lst to /var/lib/suricata/rules/datasets/789a2b835a8844296efb9a037523d3bf
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_red_flag_domains.lst to /var/lib/suricata/rules/datasets/789a2b835a8844296efb9a037523d3bf
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_openphish.lst to /var/lib/suricata/rules/datasets/3e6c5358aa5d6f6d3a0887e3b4cd0814
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_openphish.lst to /var/lib/suricata/rules/datasets/3e6c5358aa5d6f6d3a0887e3b4cd0814
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_openphish.lst to /var/lib/suricata/rules/datasets/3e6c5358aa5d6f6d3a0887e3b4cd0814
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_phishstats.lst to /var/lib/suricata/rules/datasets/eeab26fc22636fd972976e118d196f8f
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_phishstats.lst to /var/lib/suricata/rules/datasets/eeab26fc22636fd972976e118d196f8f
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_phishstats.lst to /var/lib/suricata/rules/datasets/eeab26fc22636fd972976e118d196f8f
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_nrd_phishing_14day.lst to /var/lib/suricata/rules/datasets/34c3ba3122e512820052a1f2ba1e6c2f
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_nrd_phishing_14day.lst to /var/lib/suricata/rules/datasets/34c3ba3122e512820052a1f2ba1e6c2f
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_nrd_phishing_14day.lst to /var/lib/suricata/rules/datasets/34c3ba3122e512820052a1f2ba1e6c2f
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_chrome_l.lst to /var/lib/suricata/rules/datasets/8bbcff8e1b540c8e20b65d20a44a3252
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_chrome_w.lst to /var/lib/suricata/rules/datasets/ea8ac6bf247f409e8ef8a0abd07cdf37
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_chrome_w32.lst to /var/lib/suricata/rules/datasets/1cfec84d82bdb0d4c44ce4767a79f211
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_chrome_m.lst to /var/lib/suricata/rules/datasets/fc7f1bf3299c2df56456a195f07f08f9
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_firefox_w.lst to /var/lib/suricata/rules/datasets/ebc5c6abfc73569a2a3778803b538738
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_firefox_l.lst to /var/lib/suricata/rules/datasets/60f0a25e6ae1dd3376b68840cc16ce22
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_firefox_m.lst to /var/lib/suricata/rules/datasets/fa6b492d74837057bddce3ca8bdb1774
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_thunderbird_w.lst to /var/lib/suricata/rules/datasets/7525eeb78c73dadb502f26e6d435ce80
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_thunderbird_l.lst to /var/lib/suricata/rules/datasets/d7fa85b0bbb522ff2fe857ff25e0ba78
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_thunderbird_m.lst to /var/lib/suricata/rules/datasets/aba47376d20c6b1c9aa9daf84942c31c
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_edge_w.lst to /var/lib/suricata/rules/datasets/adcf3efb23307665b749424ab64825fc
3/10/2025 -- 10:27:00 - <Debug> -- Copying dataset file pawpatrules_putty.lst to /var/lib/suricata/rules/datasets/e01ec07296517c72dae5443f651dc1e3
Traceback (most recent call last):
  File "/bin/suricata-update", line 36, in <module>
    sys.exit(main.main())
             ~~~~~~~~~^^
  File "/usr/lib/suricata/python/suricata/update/main.py", line 1428, in main
    sys.exit(_main())
             ~~~~~^^
  File "/usr/lib/suricata/python/suricata/update/main.py", line 1356, in _main
    write_merged(os.path.join(output_filename), rulemap, dep_files)
    ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/suricata/python/suricata/update/main.py", line 573, in write_merged
    reformatted = handle_dataset_files(rule, dep_files)
  File "/usr/lib/suricata/python/suricata/update/main.py", line 469, in handle_dataset_files
    prefix = os.path.dirname(rule.group)
  File "<frozen posixpath>", line 178, in dirname
TypeError: expected str, bytes or os.PathLike object, not NoneType
root@iNetSrv01:~#