Ruleset Downloads

All Emerging Threats Signatures

The rulesets are now available in multiple versions on multiple engines. please visit http://rules.emergingthreats.net/ to browse all available files for the platform and engine you desire.

The open directory has the open Emerging Threats ruleset, the best of the old Community Ruleset (now defunct) and the best of the old Snort GPL sigs (sids 3464 and earlier) all combined using their original sids. Do not combine this ruleset with any other, you may have sid duplication.

The open-nogpl directory has ONLY the open Emerging Threats ruleset.

The blockrules directory has all of our dynamic IP list based rulesets for blocking known bad hosts.

The fwrules directory has all of our dynamic IP list based rulesets in firewall formats for blocking known bad hosts.

• Last Daily Change Summaries

• SidAllocation

• Emerging Threats CVS Web Interface -- Now defunct but here for historical reference

All Rules in one file:

• emerging-all.rules under each engine and version

All rules and Ancillary Files

• emerging.rules.tar.gz under each engine and version

Spamhaus.org DROP List (SpamHausDROPList)

• emerging-drop.rules
• emerging-drop-BLOCK.rules

Known CompromisedHost List

• emerging-compromised.rules
• emerging-compromised-BLOCK.rules

Dshield Top Attackers List (DshieldTopAttackers) :

• emerging-dshield.rules
• emerging-dshield-drop.rules

Botnet Command and Control Server Rules (BotCC):

• emerging-botcc.rules
• emerging-botcc-BLOCK.rules

RussianBusinessNetwork Host List (RussianBusinessNetwork) :

• emerging-rbn.rules
• emerging-rbn-BLOCK.rules

Tor Exit Nodes List:

• emerging-tor.rules
• emerging-tor-BLOCK.rules

Related Firewall Rulesets (EmergingFirewallRules) :

• http://rules.emergingthreats.net/fwrules/