Snort mailing list archives
Re: Pulledpork and proprocessor rules
From: SnortFan <SnortFan () yahoo com>
Date: Thu, 23 Jan 2014 15:47:36 -0500
Here is the list as best as I can tell from what's in the snort rules file. When I place them into the enablesid.conf file and pull I get the mother lode of rules. I don't recommend turning them all on.

app-detect
blacklist
browser-chrome
browser-firefox
browser-ie
browser-other
browser-plugins
browser-webkit
content-replace
decoder
dos
exploit-kit
file-executable
file-flash
file-identify
file-image
file-java
file-multimedia
file-office
file-other
file-pdf
indicator-compromise
indicator-obfuscation
indicator-scan
indicator-shellcode
malware-backdoor
malware-cnc
malware-other
malware-tools
netbios
os-linux
os-mobile
os-other
os-solaris
os-windows
policy-multimedia
policy-other
policy-social
policy-spam
preprocessor
protocol-dns
protocol-finger
protocol-ftp
protocol-icmp
protocol-imap
protocol-nntp
protocol-pop
protocol-rpc
protocol-scada
protocol-services
protocol-snmp
protocol-telnet
protocol-tftp
protocol-voip
pua-adware
pua-other
pua-p2p
pua-toolbars
server-apache
server-iis
server-mail
server-mssql
server-mysql
server-oracle
server-other
server-samba
server-webapp
sql
x11

Sent from a mobile device.
On Jan 23, 2014, at 8:44 AM, SnortFan <SnortFan () yahoo com> wrote:

Hi Dave,

It looks like it pulls them down and places them in the snort.rule file. I don't see where it replaces the gen-msg.map file, but if you search in the snort.rules file for one of the gid's you should see them.

Cheers,
Ed

Sent from a mobile device.

On Jan 23, 2014, at 7:43 AM, Dave Corsello <snort-users () wintertreemedia com> wrote:

I thought this would be a pretty basic question, but I haven't been able to locate an answer yet. How do you enable preproc rules in pulledpork? I tried adding "1:136,2:136" to enablesid.conf, but it didn't work.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
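The check Ed describes in the quoted reply (searching the generated snort.rules for a gid), written out as an added example; it is not code from the thread or from pulledpork. It assumes disabled rules appear as commented-out `# alert ...` lines and relies on Snort treating a rule with no `gid` option as gid 1; the sample rule lines and their gid/sid values are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the style of a generated snort.rules file.
# The messages and gid/sid values are made up; they are not from the thread.
SAMPLE_RULES = """\
# ----- constructed sample -----
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed text rule"; content:"abc"; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"constructed disabled rule"; content:"xyz"; sid:1000002; rev:2;)
alert ( msg: "constructed preprocessor rule A"; sid: 1; gid: 136; rev: 1; )
# alert ( msg: "constructed preprocessor rule B"; sid: 2; gid: 136; rev: 1; )
alert ( msg: "constructed preprocessor rule C"; sid: 5; gid: 119; rev: 1; )
"""

# A rule line starts with an action keyword, optionally commented out (= disabled).
RULE_RE = re.compile(r'^(?P<off>#\s*)?(?:alert|log|pass|drop|reject|sdrop)\b.*\(.*\)\s*$')
GID_RE = re.compile(r'[;(]\s*gid\s*:\s*(\d+)\s*;')
SID_RE = re.compile(r'[;(]\s*sid\s*:\s*(\d+)\s*;')


def parse_rule(line):
    """Return (gid, sid, enabled) for a rule line, or None for anything else."""
    line = line.strip()
    m = RULE_RE.match(line)
    sid = SID_RE.search(line)
    if not m or not sid:
        return None
    gid = GID_RE.search(line)
    # No gid option means gid 1 (ordinary text rules).
    return (int(gid.group(1)) if gid else 1, int(sid.group(1)), m.group("off") is None)


def tally_by_gid(text):
    """Map each generator id to (enabled_count, disabled_count)."""
    enabled, disabled = Counter(), Counter()
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule:
            (enabled if rule[2] else disabled)[rule[0]] += 1
    return {g: (enabled[g], disabled[g]) for g in sorted(set(enabled) | set(disabled))}


if __name__ == "__main__":
    for gid, (on, off) in tally_by_gid(SAMPLE_RULES).items():
        print(f"gid {gid}: {on} enabled, {off} disabled")
```

Run against the real file by passing its contents to `tally_by_gid()`; a preprocessor gid that shows only disabled rules, or does not appear at all, means the enablesid.conf entry did not take effect.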