Snort mailing list archives
Re: Confusion around community endpoints / md5
From: Aaron Dressin <Aaron.Dressin () iboss com>
Date: Sat, 12 Dec 2015 00:16:25 +0000
Thanks Joel… sorry for the late response. I’ve upgraded to 2.9.7.5. Is there any word on having an endpoint for getting the md5 for the community ruleset? Thanks, Aaron From: Joel Esler (jesler) [mailto:jesler () cisco com] Sent: Tuesday, September 01, 2015 1:34 PM To: Aaron Dressin Cc: Kevin Miklavcic; snort-sigs () lists sourceforge net Subject: Re: [Snort-sigs] Confusion around community endpoints / md5 So for the 1st one — We have a bug open with our team to square this away, there are a couple different factors here, and we’ll fix them both at the same time. Sorry about any inconvenience. Are you using pulledpork to download the ruleset? 2nd — 2.9.7.0 is EOL. The newer rulesets MAY work on the older version, but it’s not supported, and you should upgrade your version of Snort. -- Joel Esler Manager, Threat Intelligence Team & Open Source Talos Group http://www.talosintel.com On Sep 1, 2015, at 4:18 PM, Aaron Dressin <Aaron.Dressin () iboss com<mailto:Aaron.Dressin () iboss com>> wrote: Hello, Sorry to bump this issue, however I am still unclear how to update my existing pulled pork configurations and scripts to get the correct ruleset. I am a registered user and my questions are: 1. I use to be able to grab an md5 file for the exact version of the ruleset I was interested in, which allowed me to know if there were any updates. For the community ruleset, which I do also fetch, I no longer see an md5 file. Can someone point out how to check for a new community ruleset advisory using an md5 (I see the “All Md5s” link on the website, but this is an HTTP response… do I need to parse this response to check the md5 now?) 2. I am on snort version 2.9.7.0, however I no longer see ruleset files for that version ( I only see 2962, 2973, and 2975). Can someone confirm that I should be pulling one of these for the 2970 version of snort? Kind Regards, Aaron From: Kevin Miklavcic [mailto:kmiklavcic () sourcefire com] Sent: Monday, August 03, 2015 9:39 AM To: Aaron Dressin Cc: snort-sigs () lists sourceforge net<mailto:snort-sigs () lists sourceforge net> Subject: Re: [Snort-sigs] Confusion around community endpoints / md5 Hi Aaron, I have confirmed the links you specified are obsolete and will no longer work in the not-so-distant future. Please reference the links on the current download page. Thanks, Kevin On Sat, Aug 1, 2015 at 12:45 AM, Kevin Miklavcic <kmiklavcic () sourcefire com<mailto:kmiklavcic () sourcefire com>> wrote: Hi Aaron, The community rules link on the downloads page of snort.org<http://snort.org/> redirects to the latest copy of the ruleset ( https://www.snort.org/downloads/community/community-rules.tar.gz ). I'll inquire about the links you provided. Cheers, Kevin On Fri, Jul 31, 2015 at 12:56 PM, Aaron Dressin <Aaron.Dressin () iboss com<mailto:Aaron.Dressin () iboss com>> wrote: Hello, Up until the 20th of this month, I was receiving correct updates for the community ruleset and matching md5 from respectively: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz.md5 Since the 20th, the md5 hasn’t changed and I am unclear what the correct rules and matching md5 url are. Kind Regards, Aaron ------------------------------------------------------------------------------ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net<mailto:Snort-sigs () lists sourceforge net> https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org<http://www.snort.org/> Please visit http://blog.snort.org<http://blog.snort.org/> for the latest news about Snort! ------------------------------------------------------------------------------ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net<mailto:Snort-sigs () lists sourceforge net> https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Re: Confusion around community endpoints / md5 Aaron Dressin (Dec 11)
- Re: Confusion around community endpoints / md5 Joel Esler (jesler) (Dec 11)