Re: Snort Rules for 2990

[Alex McDonnell <amcdonnell () sourcefire com>]

Upon building the packages (and the rules for each version) rules are only
added to the rules file where the detection capabilities they use are
compatible with the version of Snort in the name. So there may be some
rules in the 29111 rules file that will not work with Snort 2990. If you
have to use Snort 2990 then you'll have to run snort and attempt to load
the rules and disable the ones that Snort complains about. Eventually 29111
will also be EOL and more and more rules will be incompatible as time goes
on if you don't use a more recent version.

Alex McDonnell
Talos

On Fri, Jan 3, 2020 at 9:18 AM David Decker via Snort-sigs <
snort-sigs () lists snort org> wrote:

> I know 2990 is EOL, still required to use version.  Are the current Sig's
> backwards compatible?  Using pulled pork can I either rename then to 2990
> vice say 29111 or maybe edit the pulled pork config to look for 29111.
>
> This is an offline update by the way.
>
> Thanks
>
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists snort org
> https://lists.snort.org/mailman/listinfo/snort-sigs
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
> Please follow these rules:
> https://snort.org/faq/what-is-the-mailing-list-etiquette
>
> Visit the Snort.org to subscribe to the official Snort ruleset, make sure
> to stay up to date to catch the most <a href="
> https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!