Snort mailing list archives
Re: Pulled Pork over Oinkmaster?
From: JJ Cummings <cummingsj () gmail com>
Date: Thu, 11 Mar 2010 10:03:42 -0700
While I'm not an SE.. I appreciate the plug all the same :-P JJC On Thu, Mar 11, 2010 at 8:24 AM, Matt Olney <molney () sourcefire com> wrote:
While not an official project, JJ is one of our very best SEs and does some good work. Move to Pulled Pork when you can, he's as plugged in as it gets. As an aside, Andy if you can drop a list of rules customers are interested in to me, I might (schedule pending) be able to give some feedback as to why they were shipped disabled. Matt p.s. Don't tell JJ I'm talking good about him, don't need him getting uppity. On Thu, Mar 11, 2010 at 9:57 AM, Andy Berryman <aberryman () cymtec com> wrote:I've been reading and it seems Oinkmaster can't handle the SO rules but pulled pork can. I've also read in pulled pork I can make it default to every rule being turned on and then I can turn off from there. I see it's maintained by JJ, but is it a "supported" Sourcefire way to pull rules? We currently use Oinkmaster, but I like the option to have all rulesenabledby default then tune my rule set myself. We currently get the 2.8_s rulesetand a bunch of rules are turned off by default. We also use the FC-5 rules, so does that kind of make the pullepork advantage pointless in the area of being able to handle SO rules? We are an integrator and I constantly have customers asking me why wedon'thave certain rules. So, when I research, it turns out we do, they werejustturned off by default by Sourcefire. Thanks, Andy Berryman ________________________________ This message from Cymtec Systems, Inc. contains confidential informationandis solely for the use of the recipient(s) named above. If you are not the intended recipient or an agent responsible for delivering it to theintendedrecipient, you are hereby notified that you have received this message in error and that any review, disclosure, copying, distribution or use ofthecontents of this message is strictly prohibited. If you have receivedthismessage in error, please destroy it immediately and notify CymtecSystems,Inc. by telephone at +1.314.993.8700 or by return e-mail. ________________________________------------------------------------------------------------------------------Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Pulled Pork over Oinkmaster? Andy Berryman (Mar 11)
- Re: Pulled Pork over Oinkmaster? Matt Olney (Mar 11)
- Re: Pulled Pork over Oinkmaster? JJ Cummings (Mar 11)
- Re: Pulled Pork over Oinkmaster? Matt Olney (Mar 11)
- Re: Pulled Pork over Oinkmaster? JJ Cummings (Mar 11)
- Re: Pulled Pork over Oinkmaster? Matt Olney (Mar 11)