Snort mailing list archives

Re: Typeset change logs


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Fri, 7 Mar 2014 22:23:53 +0000

YM,

You are correct.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team

On Mar 7, 2014, at 2:37 PM, Y M <snort () outlook com> wrote:

Rules are usually shipped with the balanced policy as the default (Joel, correct me if I am wrong). This means that the rule is/was disabled in the default policy. If that rule is marked with security ips policy in its metadata and you use the security policy in your PulledPork, then yes, it will get enabled.

YM
________________________________
From: SnortFan () yahoo com
Date: Fri, 7 Mar 2014 13:45:35 -0500
To: snort-users () lists sourceforge net
Subject: [Snort-users] Typeset change logs

Hi All,
I had a question about the changelog notices. In the change log I notice a list of rules marked as disabled, yet when I pull them down using pulledpork they are enabled. By using an ips policy setting, am I enabling them?

For example:

In the notice below 21289 is disabled in the changelog linked below but it's active when I do a pull of the VRT rules.

http://www.snort.org/vrt/docs/ruleset_changelogs/2_9_5_0/changes-2013-07-30.html

I'm using:
Snort 2.9.6.0
Pulledpork 7
Ips_policy=security
Enablesid.conf has protocol-VoIP

Thanks,
Ed



Sent from a mobile device.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
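
The behaviour described in this thread, as an added example that is not part of the original messages and is not PulledPork's own code: a simplified Python model of how a rule shipped disabled (commented out) ends up enabled once an ips policy is selected. The rules and SIDs are constructed, the function names are hypothetical, and the model assumes policy membership is read from `policy <name>-ips` metadata entries and ignores enablesid/disablesid overrides.

```python
import re

# Constructed sample rules (not from the VRT ruleset). A leading "# " marks a
# rule as shipped disabled, which is the state a changelog would report.
SAMPLE_RULES = """\
# alert udp $EXTERNAL_NET any -> $SIP_SERVERS 5060 (msg:"constructed VoIP rule"; content:"INVITE"; metadata:policy security-ips drop, service sip; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed web rule"; content:"/x"; metadata:policy balanced-ips drop, policy security-ips drop, service http; sid:1000002; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"constructed ftp rule"; content:"USER"; metadata:service ftp; sid:1000003; rev:1;)
"""

RULE_RE = re.compile(
    r"^(?P<off>#\s*)?(?:alert|drop|log|pass|reject|sdrop)\s[^(]*\((?P<opts>.*)\)\s*$")

def parse_rules(text):
    """Return sid, shipped state and policy metadata for each rule line."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line or ordinary comment
        opts = m.group("opts")
        sid = re.search(r"\bsid:\s*(\d+)\s*;", opts)
        if not sid:
            continue
        meta = re.search(r"\bmetadata:\s*([^;]*);", opts)
        policies = {}
        for item in (meta.group(1).split(",") if meta else []):
            parts = item.split()
            if len(parts) == 3 and parts[0] == "policy":
                policies[parts[1]] = parts[2]  # e.g. "security-ips" -> "drop"
        rules.append({"sid": int(sid.group(1)),
                      "shipped_enabled": m.group("off") is None,
                      "policies": policies})
    return rules

def state_under_policy(rule, ips_policy=None):
    """Assumed model: with no policy the shipped state stands; with a policy,
    the rule is enabled only if its metadata names that policy."""
    if ips_policy is None:
        return rule["shipped_enabled"]
    return f"{ips_policy}-ips" in rule["policies"]

def enabled_only_by_policy(text, ips_policy):
    """SIDs that ship disabled but become enabled under the chosen policy."""
    return sorted(r["sid"] for r in parse_rules(text)
                  if not r["shipped_enabled"] and state_under_policy(r, ips_policy))
```

Running `enabled_only_by_policy` over a downloaded rules file with the policy name from the PulledPork configuration lists the rules whose active state differs from what the changelog reports.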