Snort mailing list archives
Re: Snort Rules for 2990
From: Alex McDonnell <amcdonnell () sourcefire com>
Date: Fri, 3 Jan 2020 09:54:51 -0500
Upon building the packages (and the rules for each version) rules are only added to the rules file where the detection capabilities they use are compatible with the version of Snort in the name. So there may be some rules in the 29111 rules file that will not work with Snort 2990. If you have to use Snort 2990 then you'll have to run snort and attempt to load the rules and disable the ones that Snort complains about. Eventually 29111 will also be EOL and more and more rules will be incompatible as time goes on if you don't use a more recent version. Alex McDonnell Talos On Fri, Jan 3, 2020 at 9:18 AM David Decker via Snort-sigs < snort-sigs () lists snort org> wrote:
I know 2990 is EOL, still required to use version. Are the current Sig's backwards compatible? Using pulled pork can I either rename then to 2990 vice say 29111 or maybe edit the pulled pork config to look for 29111. This is an offline update by the way. Thanks _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Snort Rules for 2990 David Decker via Snort-sigs (Jan 03)
- Re: Snort Rules for 2990 Joel Esler (jesler) via Snort-sigs (Jan 03)
- Re: Snort Rules for 2990 Alex McDonnell (Jan 03)