Yea, we don’t have a good way to avoid the abuse. We love to receive rules and pcaps at ET, if we have someone send us something with ETPRO coverage, we generally move it into the ET OPEN ruleset. If it’s something we don’t have coverage on it goes into the ET OPEN set. When we have researchers contributing/interacting with us a lot, there are various things that we can do in that situation. For the purposes of learning signature generation, there is a lot of good stuff in ET OPEN and we put stuff in there often. Always happy to chat about that. For the purposes of detection, theres the ET Telemetry thats bundled with opnsense which is free.