Snort mailing list archives
Re: Confusion around community endpoints / md5
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Sat, 12 Dec 2015 02:13:25 +0000
It's on the website and has been there for months. I apologize if I have not mentioned it on list.

--
Joel Esler
Manager, Talos Group
Sent from my iPhone

On Dec 11, 2015, at 7:16 PM, Aaron Dressin <Aaron.Dressin () iboss com> wrote:

Thanks Joel… sorry for the late response. I’ve upgraded to 2.9.7.5. Is there any word on having an endpoint for getting the md5 for the community ruleset?

Thanks,
Aaron

From: Joel Esler (jesler) [mailto:jesler () cisco com]
Sent: Tuesday, September 01, 2015 1:34 PM
To: Aaron Dressin
Cc: Kevin Miklavcic; snort-sigs () lists sourceforge net
Subject: Re: [Snort-sigs] Confusion around community endpoints / md5

So for the 1st one — We have a bug open with our team to square this away, there are a couple different factors here, and we’ll fix them both at the same time. Sorry about any inconvenience. Are you using pulledpork to download the ruleset?

2nd — 2.9.7.0 is EOL. The newer rulesets MAY work on the older version, but it’s not supported, and you should upgrade your version of Snort.

--
Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group
http://www.talosintel.com

On Sep 1, 2015, at 4:18 PM, Aaron Dressin <Aaron.Dressin () iboss com> wrote:

Hello,

Sorry to bump this issue, however I am still unclear how to update my existing pulled pork configurations and scripts to get the correct ruleset. I am a registered user and my questions are:

1. I used to be able to grab an md5 file for the exact version of the ruleset I was interested in, which allowed me to know if there were any updates. For the community ruleset, which I do also fetch, I no longer see an md5 file. Can someone point out how to check for a new community ruleset advisory using an md5 (I see the “All Md5s” link on the website, but this is an HTTP response… do I need to parse this response to check the md5 now?)

2. I am on snort version 2.9.7.0, however I no longer see ruleset files for that version (I only see 2962, 2973, and 2975). Can someone confirm that I should be pulling one of these for the 2970 version of snort?

Kind Regards,
Aaron

From: Kevin Miklavcic [mailto:kmiklavcic () sourcefire com]
Sent: Monday, August 03, 2015 9:39 AM
To: Aaron Dressin
Cc: snort-sigs () lists sourceforge net
Subject: Re: [Snort-sigs] Confusion around community endpoints / md5

Hi Aaron,

I have confirmed the links you specified are obsolete and will no longer work in the not-so-distant future. Please reference the links on the current download page.

Thanks,
Kevin

On Sat, Aug 1, 2015 at 12:45 AM, Kevin Miklavcic <kmiklavcic () sourcefire com> wrote:

Hi Aaron,

The community rules link on the downloads page of snort.org redirects to the latest copy of the ruleset ( https://www.snort.org/downloads/community/community-rules.tar.gz ). I'll inquire about the links you provided.

Cheers,
Kevin

On Fri, Jul 31, 2015 at 12:56 PM, Aaron Dressin <Aaron.Dressin () iboss com> wrote:

Hello,

Up until the 20th of this month, I was receiving correct updates for the community ruleset and matching md5 from respectively:

https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz.md5

Since the 20th, the md5 hasn’t changed and I am unclear what the correct rules and matching md5 url are.

Kind Regards,
Aaron

------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
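The update check discussed in this thread (compare a published MD5 with the local tarball, download only when it differs, then verify what was downloaded), sketched as an added example that is not part of the original messages or of any Snort tooling. The digest-body format (a hex digest, optionally followed by a filename), the function names and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
from typing import Optional

# Assumed format of a published digest: 32 hex digits, optionally
# followed by whitespace and a filename. Longer hex runs (for example
# a SHA-256) do not match because of the word boundaries.
MD5_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")


def parse_md5_body(body: str) -> str:
    """Pull the MD5 out of a digest response; reject anything else
    (an HTML error page, an empty body) instead of treating it as a digest."""
    match = MD5_RE.search(body)
    if match is None:
        raise ValueError("no MD5 digest found in response body")
    return match.group(0).lower()


def md5_of(data: bytes) -> str:
    # MD5 serves only as a change/corruption check here, as in the thread.
    return hashlib.md5(data).hexdigest()


def needs_update(published_body: str, local_tarball: Optional[bytes]) -> bool:
    """True when there is no local copy or its MD5 differs from the published one."""
    if local_tarball is None:
        return True
    return not hmac.compare_digest(parse_md5_body(published_body),
                                   md5_of(local_tarball))


def verify_download(published_body: str, downloaded: bytes) -> bool:
    """True only when the downloaded bytes hash to the published MD5."""
    return hmac.compare_digest(parse_md5_body(published_body),
                               md5_of(downloaded))


# Constructed sample data standing in for two ruleset tarballs.
OLD_RULES = b"constructed community ruleset, revision 1"
NEW_RULES = b"constructed community ruleset, revision 2"
PUBLISHED = md5_of(NEW_RULES) + "  community-rules.tar.gz\n"

if __name__ == "__main__":
    print("update needed:", needs_update(PUBLISHED, OLD_RULES))
    print("download verified:", verify_download(PUBLISHED, NEW_RULES))
```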