[Snort-sigs] Snort Rules Updates Manually W/O Pulled Pork/Oinkmaster

Joel Esler (jesler) jesler at ...3865...
Tue Aug 11 12:38:21 EDT 2015


You should use pulledpork. (Oinkmaster is dead).

pulledpork has several features included in it that we design the ruleset for (like flowbit resolution depending upon policy configuration).  So that’s the official recommendation.

--
Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group
http://www.talosintel.com



On Aug 7, 2015, at 11:15 AM, Scott Guthrie <SGuthrie at ...4065...> wrote:

Hello,
I am new to using Snort and was curious about updates. Do I have to have Pulled Pork or Oinkmaster to update my rules? Also, are rules the only maintenance task I should perform to keep up to date? Should I be able to untar/gz the snortrules-snapshot-*.tar.gz and put it in the proper directory, or is there more to it, and if so, why?
Thanks for your time and consideration!

