Are TrickBot rules included in the current Suricata rules


namobud...@gmail.com

Mar 19, 2021, 11:07:03 AM3/19/21
to security-onion
Hello!

I'm wondering if TrickBot rules are included in the current Suricata rules? Would Security Onion Sguil catch these types of attacks?

Another question: When SO 1.0 reaches end of life in April, will the rule sets (i.e. Suricata, PulledPork, Zeek) stop updating?

Thanks!
Buddha

Doug Burks

Mar 22, 2021, 6:04:50 AM3/22/21
to securit...@googlegroups.com
Replies inline.

On Fri, Mar 19, 2021 at 11:07 AM namobud...@gmail.com <namobud...@gmail.com> wrote:
Hello!

I'm wondering if TrickBot rules are included in the current Suricata rules? Would Security Onion Sguil catch these types of attacks?

Yes, you can see Trickbot rules by running the following command:
grep -i trickbot /etc/nsm/rules/downloaded.rules
 

Another question: When SO 1.0 reaches end of life in April, will the rule sets (i.e. Suricata, PulledPork, Zeek) stop updating?

Security Onion 16.04 reaches End Of Life on April 16. I wouldn't expect rule sets to all of a sudden stop updating on April 17. However, it's still very important that you upgrade to Security Onion 2. We won't be providing any support for Security Onion 16.04 after April 16.
 

Thanks!
Buddha

--
Please keep in mind that Security Onion 16.04 reaches End Of Life soon!
https://blog.securityonion.net/2020/10/6-month-eol-notice-for-security-onion.html


--
Doug Burks
Founder and CEO
Security Onion Solutions, LLC
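The grep in the reply above tells you whether a rule mentioning Trickbot exists in the downloaded rule set, but not whether it will actually fire: PulledPork writes disabled rules into the same file as commented-out lines, so a match on "trickbot" can be a rule that is present yet never loaded by Suricata. The following script is an added example, not part of the thread or of Security Onion itself. It audits a rules file for a malware family and separates enabled rules from disabled (commented-out) ones, lists the matching SIDs, and checks the state of one SID. The rule lines it operates on are constructed for the example (fake SIDs in the 9000000 range); point it at your own downloaded.rules on Security Onion 16.04, or at whichever rules file your Security Onion 2 install uses, to audit a live system.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Suricata rules file for a
# malware family and report which matching rules are enabled vs. disabled.
# A rule that is commented out with a leading '#' (what PulledPork's
# disablesid does) is present in the file but never loaded by Suricata.

# Constructed sample in downloaded.rules format: three Trickbot rules
# (one disabled) plus one unrelated rule. The SIDs and contents are made up.
SAMPLE_RULES=$(mktemp)
trap 'rm -f "$SAMPLE_RULES"' EXIT
cat > "$SAMPLE_RULES" <<'EOF'
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Trickbot Checkin (constructed)"; flow:established,to_server; content:"POST"; http_method; sid:9000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN TrickBot Module Download (constructed)"; flow:established,to_client; content:"|4d 5a|"; sid:9000002; rev:1;)
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Trickbot DNS Lookup (constructed)"; dns.query; content:"example.invalid"; sid:9000003; rev:2;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Unrelated Rule (constructed)"; sid:9000004; rev:1;)
EOF

# count_rules FILE PATTERN STATE
# Prints the number of rules matching PATTERN (case-insensitive) that are
# enabled (not commented out) or disabled (commented out).
count_rules() {
    file=$1; pattern=$2; state=$3
    case "$state" in
        enabled)  grep -i -- "$pattern" "$file" | grep -c -v '^[[:space:]]*#' || true ;;
        disabled) grep -i -- "$pattern" "$file" | grep -c '^[[:space:]]*#' || true ;;
        *)        echo "usage: count_rules FILE PATTERN enabled|disabled" >&2; return 1 ;;
    esac
}

# list_sids FILE PATTERN
# Prints the sid of every rule (enabled or disabled) whose text matches PATTERN.
list_sids() {
    file=$1; pattern=$2
    grep -i -- "$pattern" "$file" | sed -n 's/.*sid:\([0-9][0-9]*\);.*/\1/p'
}

# rule_state FILE SID -> enabled | disabled | missing
# Answers the operational question "will this specific rule fire?".
rule_state() {
    file=$1; sid=$2
    line=$(grep -- "sid:$sid;" "$file" | head -n 1 || true)
    if [ -z "$line" ]; then
        echo missing
    elif printf '%s\n' "$line" | grep -q '^[[:space:]]*#'; then
        echo disabled
    else
        echo enabled
    fi
}

# summarize FILE PATTERN: human-readable report for one malware family.
summarize() {
    file=$1; pattern=$2
    echo "Rules matching '$pattern' in $file:"
    echo "  enabled:  $(count_rules "$file" "$pattern" enabled)"
    echo "  disabled: $(count_rules "$file" "$pattern" disabled)"
    for sid in $(list_sids "$file" "$pattern"); do
        echo "  sid $sid: $(rule_state "$file" "$sid")"
    done
}

summarize "$SAMPLE_RULES" trickbot
```

On a real sensor, run summarize against the live rules file and treat a nonzero "disabled" count as something to review: a disabled rule explains why traffic you expected Sguil to alert on produced nothing, and the SID is what you need to re-enable it through PulledPork's enablesid configuration rather than by editing the downloaded file, which the next rule update would overwrite.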