[Snort-users] Pulled Pork over Oinkmaster?

JJ Cummings cummingsj at ...11827...
Thu Mar 11 12:03:42 EST 2010


While I'm not an SE.. I appreciate the plug all the same :-P

JJC

On Thu, Mar 11, 2010 at 8:24 AM, Matt Olney <molney at ...1935...> wrote:

> While not an official project, JJ is one of our very best SEs and does
> some good work.  Move to Pulled Pork when you can, he's as plugged in
> as it gets.
>
> As an aside, Andy if you can drop a list of rules customers are
> interested in to me, I might (schedule pending) be able to give some
> feedback as to why they were shipped disabled.
>
> Matt
>
> p.s. Don't tell JJ I'm talking good about him, don't need him getting
> uppity.
>
> On Thu, Mar 11, 2010 at 9:57 AM, Andy Berryman <aberryman at ...14758...>
> wrote:
> > I've been reading and it seems Oinkmaster can't handle the SO rules but
> > pulled pork can. I've also read in pulled pork I can make it default to
> > every rule being turned on and then I can turn off from there. I see it's
> > maintained by JJ, but is it a "supported" Sourcefire way to pull rules?
> >
> >
> >
> > We currently use Oinkmaster, but I like the option to have all rules
> enabled
> > by default then tune my rule set myself. We currently get the 2.8_s rule
> set
> > and a bunch of rules are turned off by default.
> >
> >
> >
> > We also use the FC-5 rules, so does that kind of make the pullepork
> > advantage pointless in the area of being able to handle SO rules?
> >
> >
> >
> > We are an integrator and I constantly have customers asking me why we
> don't
> > have certain rules. So, when I research, it turns out we do, they were
> just
> > turned off by default by Sourcefire.
> >
> >
> >
> > Thanks,
> >
> > Andy Berryman
> >
> >
> >
> >
> >
> > ________________________________
> > This message from Cymtec Systems, Inc. contains confidential information
> and
> > is solely for the use of the recipient(s) named above. If you are not the
> > intended recipient or an agent responsible for delivering it to the
> intended
> > recipient, you are hereby notified that you have received this message in
> > error and that any review, disclosure, copying, distribution or use of
> the
> > contents of this message is strictly prohibited. If you have received
> this
> > message in error, please destroy it immediately and notify Cymtec
> Systems,
> > Inc. by telephone at +1.314.993.8700 or by return e-mail.
> > ________________________________
> >
> >
> ------------------------------------------------------------------------------
> > Download Intel® Parallel Studio Eval
> > Try the new software tools for yourself. Speed compiling, find bugs
> > proactively, and fine-tune applications for parallel performance.
> > See why Intel Parallel Studio got high marks during beta.
> > http://p.sf.net/sfu/intel-sw-dev
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
>
>
> ------------------------------------------------------------------------------
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100311/902a76cc/attachment.html>


More information about the Snort-users mailing list