Are TrickBot rules included in the current Suricata rules

41 views
Skip to first unread message

namobud...@gmail.com

unread,
Mar 19, 2021, 11:07:03 AM3/19/21
to security-onion
Hello!

I'm wondering if TrickBot rules are included in the current Suricata rules? Would security onion Squil catch this these types of attcks?

Another question: When SO 1.0 end of life's in April will the rule sets (i.e. Suricata, Pulled Port, ZEEK) stop updating?

Thanks!
Buddha

Doug Burks

unread,
Mar 22, 2021, 6:04:50 AM3/22/21
to securit...@googlegroups.com
Replies inline.

On Fri, Mar 19, 2021 at 11:07 AM namobud...@gmail.com <namobud...@gmail.com> wrote:
Hello!

I'm wondering if TrickBot rules are included in the current Suricata rules? Would security onion Squil catch this these types of attcks?

Yes, you can see Trickbot rules by running the following command:
grep -i trickbot /etc/nsm/rules/downloaded.rules
 

Another question: When SO 1.0 end of life's in April will the rule sets (i.e. Suricata, Pulled Port, ZEEK) stop updating?

Security Onion 16.04 reaches End Of Life on April 16. I wouldn't expect rule sets to all of a sudden stop updating on April 17. However, it's still very important that you upgrade to Security Onion 2. We won't be providing any support for Security Onion 16.04 after April 16.
 

Thanks!
Buddha

--
Please keep in mind that Security Onion 16.04 reaches End Of Life soon!
https://blog.securityonion.net/2020/10/6-month-eol-notice-for-security-onion.html
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/security-onion/02e5b7b1-1a5f-4443-9c96-b13f70810dfbn%40googlegroups.com.


--
Doug Burks
Founder and CEO
Security Onion Solutions, LLC
Reply all
Reply to author
Forward
0 new messages