Snort mailing list archives
Pulled Pork Verifying Rule Updates
From: "Matt Brichetto" <m_brichetto () cuinterface com>
Date: Tue, 15 Oct 2013 17:14:23 -0400
I am new to the Snort world. I recently deployed a Snort IDS based upon the WinSnort platform for windows. And it is working fine. However it has been about 2 months now since I originally deployed it. I wanted to make sure that Pulled Pork is actually automatically updating my definitions. Now I am registered user not a subscriber, so I know the rules I get are 30 days old or so. What I need to know is how to verify that my Snort deployment is actually updating the rules properly through pulled pork. I tried running this command in my WinSnort deployment perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -T According the Winsnort site it should update the rules from what I understand, but I was also under the impression that Pulled Pork updates the rules automatically. I just need to know how to verify what rules I have for deployment. I may have more questions from here if the rules are not up to date as of the September release for Registered users. Also I am running Snort Version 2.9.5.0 according to my Pulled Pork.conf file. So if I have to download the rules would I just download the 2.9.5.0 or should I download the 2.9.5.3 rules. Thanks for your help. Matt This communication may contain privileged and/or confidential information. It is intended solely for the use of the addressee. If you are not the intended recipient, you are strictly prohibited from disclosing, copying, distributing or using any of this information. If you received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. This communication may contain nonpublic information about individuals and businesses subject to the restrictions of the Gramm-Leach-Bliley Act. You may not directly or indirectly reuse or redisclose such information for any purpose other than to provide the services for which you are receiving the information.
------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Pulled Pork Verifying Rule Updates Matt Brichetto (Oct 15)