Mobile Malware

>New Rules File Coming — Mobile Malware

>We are adding a new category in the ruleset tarball coming out in just about an hour from now. I wanted to announce formally to make sure everyone’s aware. You won’t have any issues with the rulesets if you miss this, but you won’t get the new category enabled if you’re not using the -all.rules files. 

The new category is MOBILE_MALWARE. Its intent is to keep malware and UA rules specifically for mobile devices when on wifi nets. We’ll have about 10 rules in it to start, but I suspect this will grow quickly.
File naming will be:
ET Pro for both Snort and Suricata:

ET Open for both Snort and Suricata:

For Snort we recommend adding the following line to add this ruleset (added to the sample configurations as well):
 include $RULE_PATH/emerging-mobile_malware.rules
 include $RULE_PATH/mobile_malware.rules
For Suricata, add this to your suricata.yaml (also in the sample file):
 - mobile_malware.rules
 - emerging-mobile_malware.rules
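
To confirm a sensor actually loads the new category after the update, the check below reads a Snort or Suricata configuration and reports whether one of the two rule files named above is enabled, is only covered through an -all.rules file, or is missing. It is an added example, not part of the announcement or of the Emerging Threats tooling; the function names and the sample configurations are constructed for illustration.

```python
import re

# File names taken from the announcement above. The "-all.rules" suffix match
# follows its note that the combined files already carry the new category.
CATEGORY_FILES = {"mobile_malware.rules", "emerging-mobile_malware.rules"}

SNORT_INCLUDE = re.compile(r"^\s*include\s+(\S+)")              # snort.conf
SURICATA_ENTRY = re.compile(r"^\s*-\s+([^\s#]+\.rules)\b")      # suricata.yaml

def active_rule_files(config_text):
    """Return basenames of files referenced on non-commented lines."""
    names = set()
    for line in config_text.splitlines():
        if line.lstrip().startswith("#"):   # commented-out entries do not load
            continue
        m = SNORT_INCLUDE.match(line) or SURICATA_ENTRY.match(line)
        if m:
            names.add(m.group(1).replace("\\", "/").rsplit("/", 1)[-1])
    return names

def mobile_malware_status(config_text):
    """Return (state, files): 'explicit', 'via-all' or 'missing'."""
    names = active_rule_files(config_text)
    explicit = sorted(names & CATEGORY_FILES)
    if explicit:
        return "explicit", explicit
    combined = sorted(n for n in names if n.endswith("-all.rules"))
    if combined:
        return "via-all", combined
    return "missing", []

# Constructed sample configurations (not taken from a real sensor).
SNORT_OLD = """var RULE_PATH /etc/snort/rules
include $RULE_PATH/emerging-trojan.rules
# include $RULE_PATH/emerging-mobile_malware.rules
"""
SURICATA_NEW = """default-rule-path: /etc/suricata/rules
rule-files:
 - emerging-trojan.rules
 - emerging-mobile_malware.rules
"""
SURICATA_ALL = "rule-files:\n - emerging-all.rules\n"

if __name__ == "__main__":
    for label, cfg in [("snort (old)", SNORT_OLD),
                       ("suricata (new)", SURICATA_NEW),
                       ("suricata (-all)", SURICATA_ALL)]:
        print(label, mobile_malware_status(cfg))
```

A "missing" result on a sensor that lists categories one by one means the include line or rule-files entry still has to be added by hand.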