diff --git a/debian/changelog b/debian/changelog
index a4006f4..a425b60 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+securityonion-rule-update (20151201-1ubuntu1securityonion11) trusty; urgency=medium
+
+ * issues 1141 and 1069
+
+ -- Doug Burks Tue, 17 Oct 2017 10:09:21 -0400
+
 securityonion-rule-update (20151201-1ubuntu1securityonion10) trusty; urgency=medium
 
  * securityonion-rule-update: Restore stdout/stderr redirect in crontab #1054
diff --git a/debian/patches/issues-1141-and-1069 b/debian/patches/issues-1141-and-1069
new file mode 100644
index 0000000..936f321
--- /dev/null
+++ b/debian/patches/issues-1141-and-1069
@@ -0,0 +1,53 @@
+Description:
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-rule-update (20151201-1ubuntu1securityonion11) trusty; urgency=medium
+ .
+ * issues 1141 and 1069
+Author: Doug Burks
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: ,
+Bug:
+Bug-Debian: http://bugs.debian.org/
+Bug-Ubuntu: https://launchpad.net/bugs/
+Forwarded:
+Reviewed-By:
+Last-Update:
+
+--- securityonion-rule-update-20151201.orig/usr/bin/rule-update
++++ securityonion-rule-update-20151201/usr/bin/rule-update
+@@ -176,6 +176,13 @@ if [ ! -f $SSH_CONF ]; then
+ 
+ # Suricata options
+ if [ "$ENGINE" = "suricata" ]; then
++ # Check if Suricata events rules are present.
++ if grep -x "^local_rules=/etc/nsm/rules/local.rules" /etc/nsm/pulledpork/pulledpork.conf >/dev/null 2>&1; then
++ # Backup pulledpork.conf
++ cp /etc/nsm/pulledpork/pulledpork.conf /etc/nsm/pulledpork/pulledpork.conf.bak.`date +%Y%m%d`
++ # Add Suricata events rules
++ sed -i 's|^local_rules=/etc/nsm/rules/local.rules|local_rules=/etc/nsm/rules/local.rules,/etc/nsm/rules/decoder-events.rules,/etc/nsm/rules/stream-events.rules,/etc/nsm/rules/http-events.rules,/etc/nsm/rules/smtp-events.rules|g' /etc/nsm/pulledpork/pulledpork.conf
++ fi
+ # Always use -T option for Suricata:
+ # -T Process text based rules files only, i.e. DO NOT process so_rules
+ PULLEDPORK_OPTIONS_SURI="-T"
+@@ -190,6 +197,11 @@ if [ ! 
-f $SSH_CONF ]; then
+ PULLEDPORK_OPTIONS="$PULLEDPORK_OPTIONS $PULLEDPORK_OPTIONS_SURI"
+ fi
+ 
++ # Issue 1069: change labs.snort.org to talosintelligence.com
++ # https://github.com/Security-Onion-Solutions/security-onion/issues/1069
++ # http://blog.snort.org/2017/01/labssnortorg-has-been-decommissioned.html
++ sed -i 's|labs.snort.org|talosintelligence.com|g' /etc/nsm/pulledpork/pulledpork.conf
++
+ # Go get rules from Internet.
+ echo "Running PulledPork."
+ su - $PULLEDPORK_USER -c "/usr/bin/pulledpork.pl -P $PULLEDPORK_OPTIONS -c /etc/nsm/pulledpork/pulledpork.conf" |
diff --git a/debian/patches/series b/debian/patches/series
index e4e777d..e52844c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@ random-cron-delay-should-be-at-least-10-minutes
 Issue-1034:-securityonion-rule-update:-update-for-PulledPork-0.7.2
 Move-scripts-from-usrbin-to-usrsbin-#1042
 securityonion-rule-update:-Restore-stdoutstderr-redirect-in-crontab-#1054
+issues-1141-and-1069
diff --git a/usr/bin/rule-update b/usr/bin/rule-update
index 40cfee2..a1d1125 100755
--- a/usr/bin/rule-update
+++ b/usr/bin/rule-update
@@ -197,6 +197,11 @@ if [ ! -f $SSH_CONF ]; then
 PULLEDPORK_OPTIONS="$PULLEDPORK_OPTIONS $PULLEDPORK_OPTIONS_SURI"
 fi
 
+ # Issue 1069: change labs.snort.org to talosintelligence.com
+ # https://github.com/Security-Onion-Solutions/security-onion/issues/1069
+ # http://blog.snort.org/2017/01/labssnortorg-has-been-decommissioned.html
+ sed -i 's|labs.snort.org|talosintelligence.com|g' /etc/nsm/pulledpork/pulledpork.conf
+
 # Go get rules from Internet.
 echo "Running PulledPork."
 su - $PULLEDPORK_USER -c "/usr/bin/pulledpork.pl -P $PULLEDPORK_OPTIONS -c /etc/nsm/pulledpork/pulledpork.conf" |
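Review bot: The one-time backup line in the new Suricata block (`cp /etc/nsm/pulledpork/pulledpork.conf` to a `.bak.YYYYMMDD` copy) does not preserve the source file's mode, so the copy is created under the caller's umask; pulledpork.conf normally carries the oinkcode in its `rule_url` entries, so a deliberately tightened original can end up with a more readable copy of that secret sitting next to it. Use `cp -p` (or `install -m 0600 /etc/nsm/pulledpork/pulledpork.conf /etc/nsm/pulledpork/pulledpork.conf.bak."$(date +%Y%m%d)"`) and drop the backticks in favour of `$(...)`. The comment `# Check if Suricata events rules are present.` states the inverse of what the guard does: `grep -x` succeeds only while `local_rules=` is still exactly the bare local.rules entry, i.e. while the events rules have not been appended yet, so `# Append the Suricata events rules once, while local_rules still lists only local.rules.` would be accurate. Both nested hunks sit inside `if [ ! -f $SSH_CONF ]; then`, whose start and end lie outside this patch.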
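Review bot: `sed -i 's|labs.snort.org|talosintelligence.com|g' /etc/nsm/pulledpork/pulledpork.conf` rewrites the hostname wherever it appears in the file, as an unanchored regex in which each `.` matches any character, on every run and for both engines; because `rule_url` decides where PulledPork fetches rules from (and the visible `-T` comment shows so_rules are processed unless the engine is Suricata), swapping the download host is a supply-chain-sensitive edit that should be scoped as narrowly as possible. Restricting it to the URL lines and escaping the dots, `sed -i '/^rule_url=/ s|labs\.snort\.org|talosintelligence.com|g' /etc/nsm/pulledpork/pulledpork.conf`, leaves comments and unrelated fields untouched. Only the host is substituted, so the result is correct only if the scheme and path on the old line are still valid on talosintelligence.com — confirm against the linked blog post that the feed paths map one-to-one, and that the existing entries use https rather than http so the rewrite does not silently keep an unauthenticated download. The enclosing `if [ ! -f $SSH_CONF ]; then` block starts before and ends after this hunk, and the `su ... |` line is the head of a pipeline that continues past it.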