Snort mailing list archives

Re: Snort Rules Updates Manually W/O Pulled Pork/Oinkmaster


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Tue, 11 Aug 2015 16:38:21 +0000

You should use pulledpork. (Oinkmaster is dead).

pulledpork has several features included in it that we design the ruleset for (like flowbit resolution depending upon policy configuration). So that's the official recommendation.

--
Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group
http://www.talosintel.com



On Aug 7, 2015, at 11:15 AM, Scott Guthrie <SGuthrie () RPU ORG> wrote:

Hello,
I am new to using Snort and was curious about updates. Do I have to have Pulled Pork or Oinkmaster to update my rules? Also, are rules the only maintenance task I should perform to keep up to date? Should I be able to untar/gz the snortrules-snapshot-*.tar.gz and put it in the proper directory or is there more to it and if so why?
Thanks for your time and consideration!


------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
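
The flowbit dependency mentioned in the reply, as an added example that is not part of the original thread and is not PulledPork's code: a rule that tests a flowbit only works if the rule that sets that bit is also enabled, so the enabled set has to be closed over those dependencies. The rules, SIDs and flowbit names below are constructed, and the resolution logic is an assumed simplification (flowbit groups and `&`/`|` name lists are not handled).

```python
import re

# Constructed sample rules (not from the Snort ruleset). A leading "# " marks a
# rule that the selected policy leaves disabled in the unpacked .rules file.
RULES = """\
# alert tcp any any -> any 80 (msg:"EXAMPLE file request"; flowbits:set,ex.file; flowbits:noalert; sid:1000001;)
alert tcp any 80 -> any any (msg:"EXAMPLE file response"; flowbits:isset,ex.file; sid:1000002;)
# alert tcp any any -> any 21 (msg:"EXAMPLE unrelated"; flowbits:set,ex.ftp; sid:1000003;)
# alert tcp any any -> any 25 (msg:"EXAMPLE stage one"; flowbits:set,ex.s1; sid:1000004;)
# alert tcp any any -> any 25 (msg:"EXAMPLE stage two"; flowbits:isset,ex.s1; flowbits:set,ex.s2; sid:1000005;)
alert tcp any 25 -> any any (msg:"EXAMPLE stage three"; flowbits:isset,ex.s2; sid:1000006;)
"""

FLOWBIT = re.compile(r"flowbits:\s*(\w+)\s*,\s*([^;,]+)")  # skips flowbits:noalert
SID = re.compile(r"\bsid:\s*(\d+)")
SETTERS = {"set", "setx", "toggle"}
CHECKERS = {"isset", "isnotset"}

def parse(text):
    """Map sid -> enabled state plus the flowbits the rule sets and checks."""
    rules = {}
    for line in text.splitlines():
        body = line.lstrip("# ").strip()
        m = SID.search(body)
        if not m:
            continue
        ops = FLOWBIT.findall(body)
        rules[int(m.group(1))] = {
            "enabled": not line.lstrip().startswith("#"),
            "sets": {name.strip() for op, name in ops if op in SETTERS},
            "checks": {name.strip() for op, name in ops if op in CHECKERS},
        }
    return rules

def resolve_flowbits(rules):
    """Enable disabled rules that set a bit an enabled rule checks, to a fixed point."""
    forced, changed = set(), True
    while changed:
        changed = False
        needed = set().union(*(r["checks"] for r in rules.values() if r["enabled"]))
        for sid, r in rules.items():
            if not r["enabled"] and r["sets"] & needed:
                r["enabled"] = True
                forced.add(sid)
                changed = True
    return forced

if __name__ == "__main__":
    print(sorted(resolve_flowbits(parse(RULES))))
```

With the snapshot simply unpacked, rules 1000002 and 1000006 are active but can never match, because nothing enabled sets `ex.file` or `ex.s2`; the chain through 1000005 and 1000004 shows why the resolution has to repeat until nothing changes.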
