"Event Message: ET DELETED" Meaning?

[SpaceVirus]

Hey guys. I was just curious as to what "ET DELETED" means under emerging threats.

Are these outdated rules that can be ignored?

Image attached.

Thanks in advance for the help guys.

[Wes Lambert]

SpaceVirus,

In short, yes.  You may want to see the following:

https://www.snort.org/rules_explanation

Thanks,
Wes

--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.

[SpaceVirus]

Thanks very much Wes. You're the man.

[James Ebersold]

Any thought on why if the event is obsolete it remains as a rule? We want to quiet noise and it seems to qualify as noise.

[Doug Burks]

Hi James,

Please feel free to disable any rules that qualify as noise in your environment:

https://github.com/Security-Onion-Solutions/security-onion/wiki/ManagingAlerts#disable-the-sid

On Thu, Mar 29, 2018 at 3:52 PM, James Ebersold <jjebe...@gmail.com> wrote:

Any thought on why if the event is obsolete it remains as a rule?  We want to quiet noise and it seems to qualify as noise.

--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.

--

Doug Burks

[James Ebersold]

On Sunday, April 8, 2018 at 8:08:23 AM UTC-4, Doug Burks wrote:
> Hi James,
>
>
> Please feel free to disable any rules that qualify as noise in your environment:
> https://github.com/Security-Onion-Solutions/security-onion/wiki/ManagingAlerts#disable-the-sid
>
>
>
> On Thu, Mar 29, 2018 at 3:52 PM, James Ebersold <jjebe...@gmail.com> wrote:
> Any thought on why if the event is obsolete it remains as a rule?  We want to quiet noise and it seems to qualify as noise.
>
>
>
>
>
> --
>
> Follow Security Onion on Twitter!
>
> https://twitter.com/securityonion
>
> ---
>
> You received this message because you are subscribed to the Google Groups "security-onion" group.
>

> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
>
> To post to this group, send email to securit...@googlegroups.com.

>
> Visit this group at https://groups.google.com/group/security-onion.
>
> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
>
> --
>
> Doug Burks

My question was not really about how to remove a rule but why obsolete rules remain.

[Wes Lambert]

James,

You may find a more thorough explanation on the ET mailing list:

https://lists.emergingthreats.net/mailman/listinfo/

Thanks,

Wes

To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.

Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.

--

https://twitter.com/therealwlambert

https://securityonion.net/