As checked, the update in 1.4 included the latest IOCs. If I install this .arb, I will need to redo my previous customized configuration on the same rule, right?
Just added hostnames of known WannaCry sites. Created one more list, "WannaCry Hostnames", and added a condition to the rule. And yes, your filters and conditions will be reset to default. You can back up your conditions and actions to another new rule and, after the upgrade, copy them back to the rules in the updated package.
See the screenshot for what has changed:
This is very helpful to play with our resources for tracing WannaCry. I have just modified the filters and defined our exceptions. It is going well. I will look forward to hearing any updates from you.
Thank you so much!