Snort mailing list archives

Re: Snort not updating any .rules except snort.rules in /rules directory


From: "Joel Esler \(jesler\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Thu, 23 May 2019 19:00:11 +0000

That shows that you are a “Registered” user, which is 30 days behind.  In order to get rules immediately, you must 
become a subscriber, which has an associated cost, per sensor.

Adding the Subscription email address and removing the Snort-sigs list to ensure you get your subscription squared away.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com

From: Michael Shkolnik <michael.shkolnik () webcasts com>
Date: Thursday, May 23, 2019 at 2:56 PM
To: "Joel Esler (jesler)" <jesler () cisco com>
Cc: "snort-sigs () lists snort org" <snort-sigs () lists snort org>
Subject: Re: [Snort-sigs] Snort not updating any .rules except snort.rules in /rules directory

I am. My company purchases business level licenses for our sensors. It should be under my supervisor's name, 
Matt.Mantione () pgi com (see attachment)


Best,



Michael Shkolnik | Engineering | PGi<http://www.pgi.com/> | New York, NY

________________________________
From: "Joel Esler (jesler)" <jesler () cisco com>
To: "Michael Shkolnik" <michael.shkolnik () webcasts com>
Cc: snort-sigs () lists snort org
Sent: Thursday, May 23, 2019 2:45:18 PM
Subject: Re: [Snort-sigs] Snort not updating any .rules except snort.rules in /rules directory

Are you a Subscriber to the rule set?



From: Michael Shkolnik <michael.shkolnik () webcasts com>
Date: Thursday, May 23, 2019 at 2:33 PM
To: "Joel Esler (jesler)" <jesler () cisco com>
Cc: "snort-sigs () lists snort org" <snort-sigs () lists snort org>
Subject: Re: [Snort-sigs] Snort not updating any .rules except snort.rules in /rules directory

Hi Joel,

Thank you for getting back to me so promptly. I took a look inside the snort.rules before I reached out to you and did 
not see the latest threats being added despite what appears to be a successful rule pulldown, which is why I became 
concerned and reached out. If you could kindly look at the provided screenshot, you will notice that the pulled down 
rules do not match what is on the release notes for May 20th: https://snort.org/advisories/talos-rules-2019-05-20

Also, if all rules files are consolidated into a single snort.rules file, why do Snort release notes show 
modifications to other .rules files per the URL I provided earlier?

"Talos has added and modified multiple rules in the deleted, file-flash, file-other, file-pdf, malware-cnc, os-windows 
and server-webapp rule sets to provide coverage for emerging threats from these technologies."

If it helps, I am running Snort Version 2.9.9.0 GRE (Build 56) FreeBSD


Best,



Michael Shkolnik | Engineering | PGi<http://www.pgi.com/> | New York, NY

________________________________
From: "Joel Esler (jesler)" <jesler () cisco com>
To: "Michael Shkolnik" <michael.shkolnik () webcasts com>, snort-sigs () lists snort org
Sent: Thursday, May 23, 2019 2:18:37 PM
Subject: Re: [Snort-sigs] Snort not updating any .rules except snort.rules in /rules directory

Hey Michael,

PulledPork consolidates the rules files down to one file (snort.rules).  If you take a look inside that file, you will 
see the multiple categories of rules all consolidated.


--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com
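
A small check for this, added here as an example and not part of the thread or of PulledPork itself: it parses a consolidated snort.rules file, counts rules per category (assumed here to be the uppercase prefix of each rule's msg text, e.g. MALWARE-CNC), and reports whether a set of expected SIDs from a release note are present, current, disabled, or missing. The file contents and SIDs below are constructed samples, not real Talos rules.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample of a PulledPork-consolidated snort.rules; the rule bodies
# and SIDs (9000001..9000004) are made up for illustration, not real Talos rules.
SAMPLE_SNORT_RULES = """\
# ---- constructed sample, not real Talos content ----
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"MALWARE-CNC Example.Beacon outbound connection"; flow:to_server,established; content:"EXAMPLE"; sid:9000001; rev:2;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"FILE-PDF Example embedded JavaScript"; flow:to_client,established; content:"/JS"; sid:9000002; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Example disabled rule"; flow:to_server,established; content:"GET"; sid:9000003; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"OS-WINDOWS Example SMB probe"; flow:to_server,established; content:"|FF|SMB"; sid:9000004; rev:3;)
"""

ACTION_RE = re.compile(r"^(alert|log|pass|drop|reject|sdrop)\s")
SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev:\s*(\d+)\s*;")
MSG_RE = re.compile(r'\bmsg:\s*"([^"]*)"')


@dataclass
class Rule:
    sid: int
    rev: int
    category: str
    msg: str
    enabled: bool


def parse_rules(text):
    """Return one Rule per rule line, including rules PulledPork left commented out."""
    rules = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        disabled = stripped.startswith("#")
        body = stripped.lstrip("#").strip()
        if not ACTION_RE.match(body):
            continue  # ordinary comment or header line, not a rule
        sid, rev, msg = SID_RE.search(body), REV_RE.search(body), MSG_RE.search(body)
        if not (sid and rev and msg):
            continue  # malformed rule; skip rather than guess
        # Assumption: the category is the first, uppercase word of the msg text.
        category = msg.group(1).split(" ", 1)[0].lower()
        rules.append(Rule(int(sid.group(1)), int(rev.group(1)), category, msg.group(1), not disabled))
    return rules


def category_counts(rules, include_disabled=False):
    """Count rules per category, which is the per-file view the separate .rules files used to give."""
    return Counter(r.category for r in rules if include_disabled or r.enabled)


def check_sids(rules, expected):
    """Compare expected {sid: minimum rev} pairs against what is actually in the file."""
    by_sid = {r.sid: r for r in rules}
    status = {}
    for sid, min_rev in expected.items():
        rule = by_sid.get(sid)
        if rule is None:
            status[sid] = "missing"
        elif not rule.enabled:
            status[sid] = "disabled"
        elif rule.rev < min_rev:
            status[sid] = "stale"
        else:
            status[sid] = "present"
    return status


if __name__ == "__main__":
    # Replace SAMPLE_SNORT_RULES with open("/usr/local/etc/snort/rules/snort.rules").read()
    # and the dict below with the SIDs and revisions listed in the release note you are checking.
    parsed = parse_rules(SAMPLE_SNORT_RULES)
    for category, count in sorted(category_counts(parsed, include_disabled=True).items()):
        print(f"{category:<16} {count} rule(s)")
    for sid, state in check_sids(parsed, {9000001: 2, 9000002: 2, 9000003: 1, 9999999: 1}).items():
        print(f"sid {sid}: {state}")
```

A "present" result for every SID in a release note is the evidence that the pull actually delivered that release; "missing" across the board, with the pull itself reporting success, is consistent with the 30-day delay on a Registered account rather than a broken PulledPork configuration.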

From: Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of Michael Shkolnik <michael.shkolnik () webcasts 
com>
Date: Thursday, May 23, 2019 at 2:14 PM
To: "snort-sigs () lists snort org" <snort-sigs () lists snort org>
Subject: [Snort-sigs] Snort not updating any .rules except snort.rules in /rules directory

Good afternoon,

I've noticed that during weekly updates only the snort.rules file gets updated within the /usr/local/etc/snort/rules 
directory and not any other .rules files within that directory.

This is what I have in my pulledpork.conf file; do I need to revise any entries to fix this?

rule_path=/usr/local/etc/snort/rules/snort.rules
out_path=/usr/local/etc/snort/rules/


Michael S

