Snort mailing list archives
Re: Snort Rules Updates Manually W/O Pulled Pork/Oinkmaster
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Tue, 11 Aug 2015 16:38:21 +0000
You should use pulledpork. (Oinkmaster is dead). pulledpork has several features included in it that we design the ruleset for (like flowbit resolution depending upon policy configuration). So that’s the official recommendation.

--
Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group
http://www.talosintel.com

On Aug 7, 2015, at 11:15 AM, Scott Guthrie <SGuthrie () RPU ORG> wrote:

Hello,

I am new to using Snort and was curious about updates. Do I have to have Pulled Pork or Oinkmaster to update my rules? Also, are rules the only maintenance task I should perform to keep up to date? Should I be able to untar/gz the snortrules-snapshot-*.tar.gz and put it in the proper directory or is there more to it and if so why?

Thanks for your time and consideration!

------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
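An added example, not part of the thread and not PulledPork's own code, of the flowbit dependency the reply refers to: an enabled rule that tests a flowbit can never fire if every rule that sets that bit is disabled, which is what a hand-edited rules directory can leave behind. The rules and SIDs are constructed, the function names are hypothetical, and the parser is a simplification that treats only `set`/`setx`/`toggle` as setters and `isset` as a check, in a single non-transitive pass.

```python
import re

# Constructed sample rules (not from any real ruleset); a leading "#" = disabled.
SAMPLE_RULES = """\
# alert tcp any any -> any 80 (msg:"EXAMPLE download start"; flowbits:set,ex.download; flowbits:noalert; sid:1000001; rev:1;)
alert tcp any 80 -> any any (msg:"EXAMPLE payload in download"; flowbits:isset,ex.download; content:"EVIL"; sid:1000002; rev:1;)
alert tcp any any -> any 25 (msg:"EXAMPLE smtp session"; flowbits:set,ex.smtp; sid:1000003; rev:1;)
alert tcp any 25 -> any any (msg:"EXAMPLE smtp reply"; flowbits:isset,ex.smtp; sid:1000004; rev:1;)
# alert tcp any any -> any 21 (msg:"EXAMPLE ftp check"; flowbits:isset,ex.ftp; sid:1000005; rev:1;)
"""

FLOWBITS = re.compile(r"flowbits\s*:\s*(\w+)\s*(?:,\s*([^;,]+))?")
SID = re.compile(r"\bsid\s*:\s*(\d+)")
SETTERS = {"set", "setx", "toggle"}  # assumption: simplified setter list


def parse_rules(text):
    """Return one dict per rule line: sid, enabled, bits set, bits checked."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        body = line.lstrip("# ").strip()
        sid = SID.search(body)
        if not sid or "(" not in body:
            continue  # blank line or plain comment, not a rule
        sets, checks = set(), set()
        for op, names in FLOWBITS.findall(body):
            bits = {n.strip() for n in re.split(r"[&|]", names) if n.strip()}
            if op in SETTERS:
                sets |= bits
            elif op == "isset":
                checks |= bits
        rules.append({"sid": int(sid.group(1)), "sets": sets, "checks": checks,
                      "enabled": not line.startswith("#")})
    return rules


def unsatisfied_checks(rules):
    """Map each enabled sid to the flowbits it tests that no enabled rule sets."""
    available = set().union(*(r["sets"] for r in rules if r["enabled"]))
    return {r["sid"]: sorted(r["checks"] - available)
            for r in rules if r["enabled"] and r["checks"] - available}


def setters_to_enable(rules):
    """Disabled sids that set a flowbit an enabled rule is waiting on."""
    missing = {b for bits in unsatisfied_checks(rules).values() for b in bits}
    return sorted(r["sid"] for r in rules
                  if not r["enabled"] and r["sets"] & missing)


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    print("dead checks:", unsatisfied_checks(parsed))
    print("enable these setters:", setters_to_enable(parsed))
```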
Current thread:
- Snort Rules Updates Manually W/O Pulled Pork/Oinkmaster Scott Guthrie (Aug 11)
- Re: Snort Rules Updates Manually W/O Pulled Pork/Oinkmaster Joel Esler (jesler) (Aug 11)