Snort mailing list archives

Pulled Pork Verifying Rule Updates


From: "Matt Brichetto" <m_brichetto () cuinterface com>
Date: Tue, 15 Oct 2013 17:14:23 -0400

I am new to the Snort world. I recently deployed a Snort IDS based upon
the WinSnort platform for Windows, and it is working fine. However, it
has been about 2 months now since I originally deployed it. I wanted to
make sure that Pulled Pork is actually automatically updating my
definitions. Now, I am a registered user, not a subscriber, so I know the
rules I get are 30 days old or so. What I need to know is how to verify
that my Snort deployment is actually updating the rules properly through
Pulled Pork. I tried running this command in my WinSnort deployment:

perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -T

According to the WinSnort site, it should update the rules from what I
understand, but I was also under the impression that Pulled Pork updates
the rules automatically. I just need to know how to verify what rules I
have for deployment. I may have more questions from here if the rules
are not up to date as of the September release for Registered users.
Also, I am running Snort Version 2.9.5.0 according to my Pulled Pork.conf
file. So if I have to download the rules, would I just download the
2.9.5.0 or should I download the 2.9.5.3 rules?

Thanks for your help.

Matt

 


