[Snort-users] Snorby SBSA

JJ Cummings cummingsj at ...11827...
Fri Aug 27 14:16:08 EDT 2010


Another note, the current development version of pulledpork (svn) will let you download multiple rulesets and output a single unified sid-msg.map

Sent from the iRoad

On Aug 27, 2010, at 10:15, "Jefferson, Shawn" <Shawn.Jefferson at ...14448...> wrote:

> Not exactly at the same time, but with separate configs... and you need to have your configs setup properly so that pulledpork creates the sid-msg.map by merging the two runs-by specifying the rule files as "local" rule files.
> 
> There are a few things that pulledpork does different (and some of them automatically!) than oinkmaster, but once you figure that out, pulledpork is awesome.
> 
> -----Original Message-----
> From: Joel Esler [mailto:jesler at ...1935...] 
> Sent: Friday, August 27, 2010 8:51 AM
> To: Christopher A. Libby
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snorby SBSA
> 
> Pulledpork will handle both ET and VRT rules at the same time, plus SO. 
> 
> 
> 
> ------------------------------------------------------------------------------
> Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
> Be part of this innovative community and reach millions of netbook users 
> worldwide. Take advantage of special opportunities to increase revenue and 
> speed time-to-market. Join now, and jumpstart your future.
> http://p.sf.net/sfu/intel-atom-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list