Snort mailing list archives

Re: Community Ruleset Clarification


From: Joel Esler <jesler () sourcefire com>
Date: Sat, 30 Mar 2013 14:12:25 -0400

On Mar 30, 2013, at 12:40 PM, "Michael Steele" <michaels () winsnort com> wrote:

> The Community Rule set:
>
> Is the Community Rules download maintained to be an exact duplicate of what’s in the Subscribers Release on any given day?

The community Ruleset is generated daily.  The subscriber set is generated twice a week.  So there will be periods when 
a couple of the rules in the community Ruleset will be more up to date than subscriber, but only for a couple days at 
the most. 

> If I’m reading the information correctly, it appears that the Community Rules are built right into the Subscribers
> Release, but not into the Registered Users Release. Is there a reason why this is not happening with the Registered
> Users Release?

The community Ruleset is a subset of the master Ruleset (subscriber). Don't think of them as "built into" the 
subscriber set. Think of them as extracted from the subscriber set. Daily. 

They are in the registered release. But the rule pack that registered users are downloading was generated a month ago. 
So they are 30 days old. Registered should use both registered and community for the most up to date rules that are in 
the community Ruleset. 

This may change in the future. Planning is taking place. 

> If the above is correct, can the Community Rules be pulled using PulledPork?

Yes. The svn version of pulledpork has it built in. A new release should be soon. The details are in my blog post. 
http://blog.snort.org/2013/03/the-sourcefire-vrt-community-ruleset-is.html