Re: Pulled Pork over Oinkmaster?

[Matt Olney <molney () sourcefire com>]

Well whatever the hell you are, you are "useful".

On Thu, Mar 11, 2010 at 12:03 PM, JJ Cummings <cummingsj () gmail com> wrote:
> While I'm not an SE.. I appreciate the plug all the same :-P
>
> JJC
>
> On Thu, Mar 11, 2010 at 8:24 AM, Matt Olney <molney () sourcefire com> wrote:
> > While not an official project, JJ is one of our very best SEs and does
> > some good work.  Move to Pulled Pork when you can, he's as plugged in
> > as it gets.
> >
> > As an aside, Andy if you can drop a list of rules customers are
> > interested in to me, I might (schedule pending) be able to give some
> > feedback as to why they were shipped disabled.
> >
> > Matt
> >
> > p.s. Don't tell JJ I'm talking good about him, don't need him getting
> > uppity.
> >
> > On Thu, Mar 11, 2010 at 9:57 AM, Andy Berryman <aberryman () cymtec com>
> > wrote:
> > > I've been reading and it seems Oinkmaster can't handle the SO rules but
> > > pulled pork can. I've also read in pulled pork I can make it default to
> > > every rule being turned on and then I can turn off from there. I see
> > > it's
> > > maintained by JJ, but is it a "supported" Sourcefire way to pull rules?
> > >
> > >
> > >
> > > We currently use Oinkmaster, but I like the option to have all rules
> > > enabled
> > > by default then tune my rule set myself. We currently get the 2.8_s rule
> > > set
> > > and a bunch of rules are turned off by default.
> > >
> > >
> > >
> > > We also use the FC-5 rules, so does that kind of make the pullepork
> > > advantage pointless in the area of being able to handle SO rules?
> > >
> > >
> > >
> > > We are an integrator and I constantly have customers asking me why we
> > > don't
> > > have certain rules. So, when I research, it turns out we do, they were
> > > just
> > > turned off by default by Sourcefire.
> > >
> > >
> > >
> > > Thanks,
> > >
> > > Andy Berryman
> > >
> > >
> > >
> > >
> > >
> > > ________________________________
> > > This message from Cymtec Systems, Inc. contains confidential information
> > > and
> > > is solely for the use of the recipient(s) named above. If you are not
> > > the
> > > intended recipient or an agent responsible for delivering it to the
> > > intended
> > > recipient, you are hereby notified that you have received this message
> > > in
> > > error and that any review, disclosure, copying, distribution or use of
> > > the
> > > contents of this message is strictly prohibited. If you have received
> > > this
> > > message in error, please destroy it immediately and notify Cymtec
> > > Systems,
> > > Inc. by telephone at +1.314.993.8700 or by return e-mail.
> > > ________________________________
> > >
> > >
> > > ------------------------------------------------------------------------------
> > > Download Intel&#174; Parallel Studio Eval
> > > Try the new software tools for yourself. Speed compiling, find bugs
> > > proactively, and fine-tune applications for parallel performance.
> > > See why Intel Parallel Studio got high marks during beta.
> > > http://p.sf.net/sfu/intel-sw-dev
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
> > ------------------------------------------------------------------------------
> > Download Intel&#174; Parallel Studio Eval
> > Try the new software tools for yourself. Speed compiling, find bugs
> > proactively, and fine-tune applications for parallel performance.
> > See why Intel Parallel Studio got high marks during beta.
> > http://p.sf.net/sfu/intel-sw-dev
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users