ET Telemetry Pro (os-etpro-telemetry): massive issues due to heavily outdated rules #4465

Open
3 tasks done
v3DJG6GL opened this issue Jan 13, 2025 · 1 comment
Open
3 tasks done
Labels
support Community support

Comments

@v3DJG6GL
Copy link

v3DJG6GL commented Jan 13, 2025


Describe the bug
ET Telemetry Pro rules for Intrusion Detection are heavily outdated most of the time.
This issue has been ongoing for some weeks: sometimes the downloaded rules are up to date and Intrusion Detection works for some hours or days, until the next time the downloaded rulesets are heavily outdated. This causes a lot of falsely blocked traffic.

On an OPNsense instance, for example, there have been no more problems for a few days. But today at 12 pm the freshly downloaded rulesets falsely blocked a lot of valid traffic.

This issue has been ongoing for about a month on my firewalls.

Here is a forum topic with more information:
https://forum.opnsense.org/index.php?topic=45112.0

To Reproduce
Steps to reproduce the behavior:

  1. Install os-etpro-telemetry Plugin
  2. Enter your et_telemetry.token Token
  3. ET Pro Download rulesets

Expected behavior
The downloaded ET Pro rulesets should be up-to-date.

Relevant log files
Maybe this one, but I am not sure:

2025-01-13T12:01:25	Error	suricata	[100335] <Error> -- error parsing signature "drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Email Server Mobile Security Settings Phishing Landing 2018-01-22"; flow:established,to_client; file_data; file_data; content:"<html>|0d 0a 0d 0a|<script type=|22|text/javascript|22|>|0d 0a|<!--|0d 0a|document.write"; within:100; nocase; content:"3c%68%65%61%64%3e%0d%0a%0d%0a%3c%74%69%74%6c%65%3e%45%6d%61%69%6c%20%53%65%72%76%65%72"; distance:0; content:"<input type=|22|hidden|22 20|name=|22|login|22 20|value=|22|"; nocase; distance:0; content:"User ID|3a 20|<font face=|22|verdana|22 20|size=|22|2|22 20|color=|22|#000000|22|"; nocase; distance:0; metadata: former_category CURRENT_EVENTS; classtype:bad-unknown; sid:2025232; rev:1; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, deployment Perimeter, tag Phishing, signature_severity Minor, created_at 2018_01_22, updated_at 2018_01_22;)" from file /usr/local/etc/suricata/opnsense.rules/emerging-current_events.rules at line 4292

Environment
Plugin: os-etpro-telemetry (v1.7_5)
OS: OPNsense v24.10.1
Hardware: DEC2685, DEC2750, DEC3840
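The error quoted under "Relevant log files" shows the rejected rule (sid:2025232) carrying `file_data; file_data;` back to back and `created_at`/`updated_at` metadata from 2018. The script below is an added example, not code from this issue, from OPNsense or from Proofpoint: it splits a Suricata rule's option body on `;` outside quoted strings, flags a sticky-buffer keyword repeated immediately, and collects the metadata dates so the newest `updated_at` in a freshly downloaded file can be compared against the download day. The second rule (`sid:1000001`) is constructed for the example, the `STICKY_BUFFERS` set is an assumed small subset of Suricata's keywords, and the page does not confirm that the repeated `file_data` is what Suricata objects to.

```python
import re
from datetime import date

# Rule quoted verbatim from the Suricata parse error in this issue (sid:2025232).
REJECTED_RULE = r'drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Email Server Mobile Security Settings Phishing Landing 2018-01-22"; flow:established,to_client; file_data; file_data; content:"<html>|0d 0a 0d 0a|<script type=|22|text/javascript|22|>|0d 0a|<!--|0d 0a|document.write"; within:100; nocase; content:"3c%68%65%61%64%3e%0d%0a%0d%0a%3c%74%69%74%6c%65%3e%45%6d%61%69%6c%20%53%65%72%76%65%72"; distance:0; content:"<input type=|22|hidden|22 20|name=|22|login|22 20|value=|22|"; nocase; distance:0; content:"User ID|3a 20|<font face=|22|verdana|22 20|size=|22|2|22 20|color=|22|#000000|22|"; nocase; distance:0; metadata: former_category CURRENT_EVENTS; classtype:bad-unknown; sid:2025232; rev:1; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, deployment Perimeter, tag Phishing, signature_severity Minor, created_at 2018_01_22, updated_at 2018_01_22;)'

# Constructed, well-formed rule in the local sid range, used only as a comparison.
OK_RULE = r'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE constructed rule"; flow:established,to_server; http.uri; content:"/example"; sid:1000001; rev:2; metadata:created_at 2025_01_10, updated_at 2025_01_12;)'

# Assumed subset of Suricata sticky-buffer keywords; extend for your own rulesets.
STICKY_BUFFERS = {"file_data", "http.uri", "http.header", "http.host", "dns.query"}


def split_options(rule):
    """Return the rule's option body as (keyword, value) pairs.

    The body is everything between the outer parentheses; it is split on ';'
    only outside double quotes, so a ';' inside a content string is kept.
    """
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    opts, cur, in_quote = [], [], False
    for i, ch in enumerate(body):
        if ch == '"' and (i == 0 or body[i - 1] != "\\"):
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            token = "".join(cur).strip()
            if token:
                kw, _, val = token.partition(":")
                opts.append((kw.strip(), val.strip()))
            cur = []
        else:
            cur.append(ch)
    return opts


def repeated_sticky_buffers(opts):
    """Return sticky-buffer keywords that occur twice in a row with nothing between."""
    return [kw for (kw, _), (nxt, _) in zip(opts, opts[1:])
            if kw in STICKY_BUFFERS and kw == nxt]


def rule_metadata(opts):
    """Collect sid, rev and the created_at/updated_at dates from every metadata option."""
    info = {}
    for kw, val in opts:
        if kw in ("sid", "rev"):
            info[kw] = int(val)
        elif kw == "metadata":
            for item in val.split(","):
                parts = item.split()
                if len(parts) == 2 and parts[0] in ("created_at", "updated_at"):
                    m = re.fullmatch(r"(\d{4})_(\d{2})_(\d{2})", parts[1])
                    if m:
                        info[parts[0]] = date(*map(int, m.groups()))
    return info


def audit_rules(lines):
    """Run both checks over rule lines and report the newest updated_at seen."""
    report = {"problems": [], "newest_update": None}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts = split_options(line)
        meta = rule_metadata(opts)
        dup = repeated_sticky_buffers(opts)
        if dup:
            report["problems"].append((meta.get("sid"), dup))
        upd = meta.get("updated_at")
        if upd and (report["newest_update"] is None or upd > report["newest_update"]):
            report["newest_update"] = upd
    return report


if __name__ == "__main__":
    result = audit_rules([REJECTED_RULE, OK_RULE])
    for sid, dup in result["problems"]:
        print(f"sid {sid}: repeated sticky buffer(s) {dup}")
    print("newest updated_at in this set:", result["newest_update"])
```

Run it over `/usr/local/etc/suricata/opnsense.rules/emerging-current_events.rules` (the file named in the error) by passing `open(path)` to `audit_rules`; a `newest_update` far behind the download date is a quick sign that the fetched ruleset is stale, and any `problems` entry points at a rule Suricata may refuse to load.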

AdSchellevis added the support (Community support) label Jan 13, 2025

AdSchellevis (Member) commented:

I forwarded your remarks to Proofpoint; since they're not active on GitHub, it's best to move the discussion to their forum. A landing page explaining the rules is already there now: https://community.emergingthreats.net/t/etpro-telemetry-edition/2355
