Re: Pulledpork and proprocessor rules

[SnortFan <SnortFan () yahoo com>]

Here is the list as best as I can tell from what's in the snort rules file. When I place them into the enablesid.conf 
file and pull I get the mother load of rules. I don't recommend turning them all on. 

app-detect
blacklist
browser-chrome
browser-firefox
browser-ie
browser-other
browser-plugins
browser-webkit
content-replace
decoder
dos
exploit-kit
file-executable
file-flash
file-identify
file-image
file-java
file-multimedia
file-office
file-other
file-pdf
indicator-compromise
indicator-obfuscation
indicator-scan
indicator-shellcode
malware-backdoor
malware-cnc
malware-other
malware-tools
netbios
os-linux
os-mobile
os-other
os-solaris
os-windows
policy-multimedia
policy-other
policy-social
policy-spam
preprocessor
protocol-dns
protocol-finger
protocol-ftp
protocol-icmp
protocol-imap
protocol-nntp
protocol-pop
protocol-rpc
protocol-scada
protocol-services
protocol-snmp
protocol-telnet
protocol-tftp
protocol-voip
pua-adware
pua-other
pua-p2p
pua-toolbars
server-apache
server-iis
server-mail
server-mssql
server-mysql
server-oracle
server-other
server-samba
server-webapp
sql
x11

Sent from a mobile device. 

> On Jan 23, 2014, at 8:44 AM, SnortFan <SnortFan () yahoo com> wrote:
>
> Hi Dave,
>    It looks like it pulls them down and places them in the snort.rule file. I don't see where it replaces the 
> gen-msg.map file but if you search in the snort.rules file for one of the gid's you should see them. 
>
> Cheers,
> Ed
>
> Sent from a mobile device. 
>
> > On Jan 23, 2014, at 7:43 AM, Dave Corsello <snort-users () wintertreemedia com> wrote:
> >
> > I thought this would be a pretty basic question, but I haven't been able
> > to locate an answer yet.  How do you enable proproc rules in
> > pulledpork?  I tried adding "1:136,2:136" to enablesid.conf, but it
> > didn't work.
> >
> > ------------------------------------------------------------------------------
> > CenturyLink Cloud: The Leader in Enterprise Cloud Services.
> > Learn Why More Businesses Are Choosing CenturyLink Cloud For
> > Critical Workloads, Development Environments & Everything In Between.
> > Get a Quote or Start a Free Trial Today. 
> > http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> ------------------------------------------------------------------------------
> CenturyLink Cloud: The Leader in Enterprise Cloud Services.
> Learn Why More Businesses Are Choosing CenturyLink Cloud For
> Critical Workloads, Development Environments & Everything In Between.
> Get a Quote or Start a Free Trial Today. 
> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today. 
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!