ET OPEN Ruleset Download Instructions

To download your OPEN ruleset use the following url format

Suricata: https://rules.emergingthreats.net/open/suricata-$version/emerging.rules.tar.gz

Snort: https://rules.emergingthreats.net/open/snort-$version/emerging.rules.tar.gz

$version above is customer supplied. It is the version of your Suricata or Snort IDS.

Examples:

Changelogs: http://rules.emergingthreats.net/changelogs/

Rule Downloaders

Suricata-Update

Suricata-Update is the preferred method of managing Suricata rule files.  Please see instructions here:

https://github.com/OISF/suricata-update

Pulled Pork

If you use Pulled Pork add this to your configuration:

rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open

Pulled Pork also has to be told you are running Suricata by using -S

For example, if running Suricata 4.0.3:

$ ./pulledpork.pl -S suricata-4.0.3 -c /path/to/pulledpork.conf

Note that Pulled Pork < 0.7.1 doesn’t work out of the box with Suricata ET rules.  Please use the latest version here if having issues: https://github.com/shirkdog/pulledpork

Best practices

Supported Engine Versions

Suricata
Snort

Support

Feedback Tool

To access the Feedback Tool web interface please visit: https://feedback.emergingthreats.net/. For instructions on registration and usage for the Feedback Tool API please visit: https://feedback.emergingthreats.net/help

Mailing lists

Pro customers can also ask questions on our mailing list: https://lists.emergingthreats.net/mailman/listinfo/

Twitter

https://twitter.com/ET_Labs

IRC

#emerging-threats on Freenode