[Snort-users] Pulled Pork over Oinkmaster?

Andy Berryman aberryman at ...14765...
Thu Mar 11 09:57:48 EST 2010


I've been reading and it seems Oinkmaster can't handle the SO rules but
pulled pork can. I've also read in pulled pork I can make it default to
every rule being turned on and then I can turn off from there. I see
it's maintained by JJ, but is it a "supported" Sourcefire way to pull
rules? 

 

We currently use Oinkmaster, but I like the option to have all rules
enabled by default then tune my rule set myself. We currently get the
2.8_s rule set and a bunch of rules are turned off by default. 

 

We also use the FC-5 rules, so does that kind of make the pullepork
advantage pointless in the area of being able to handle SO rules? 

 

We are an integrator and I constantly have customers asking me why we
don't have certain rules. So, when I research, it turns out we do, they
were just turned off by default by Sourcefire. 

 

Thanks,

Andy Berryman

 

 


###############################################################################
This message from Cymtec Systems, Inc. contains confidential information and is solely for the use of the recipient(s) named above.  If you are not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this message in error and that any review, disclosure, copying, distribution or use of the contents of this message is strictly prohibited.  If you have received this message in error, please destroy it immediately and notify Cymtec Systems, Inc. by telephone at +1.314.993.8700 or by return e-mail.                    
###############################################################################
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100311/2613e8fd/attachment.html>


More information about the Snort-users mailing list