[Snort-users] Pulled Pork over Oinkmaster?

Matt Olney molney at ...1935...
Thu Mar 11 12:18:25 EST 2010


Well whatever the hell you are, you are "useful".

On Thu, Mar 11, 2010 at 12:03 PM, JJ Cummings <cummingsj at ...11827...> wrote:
> While I'm not an SE.. I appreciate the plug all the same :-P
>
> JJC
>
> On Thu, Mar 11, 2010 at 8:24 AM, Matt Olney <molney at ...1935...> wrote:
>>
>> While not an official project, JJ is one of our very best SEs and does
>> some good work.  Move to Pulled Pork when you can, he's as plugged in
>> as it gets.
>>
>> As an aside, Andy if you can drop a list of rules customers are
>> interested in to me, I might (schedule pending) be able to give some
>> feedback as to why they were shipped disabled.
>>
>> Matt
>>
>> p.s. Don't tell JJ I'm talking good about him, don't need him getting
>> uppity.
>>
>> On Thu, Mar 11, 2010 at 9:57 AM, Andy Berryman <aberryman at ...14758...> wrote:
>> > I've been reading and it seems Oinkmaster can't handle the SO rules but
>> > pulled pork can. I've also read in pulled pork I can make it default to
>> > every rule being turned on and then I can turn off from there. I see it's
>> > maintained by JJ, but is it a "supported" Sourcefire way to pull rules?
>> >
>> > We currently use Oinkmaster, but I like the option to have all rules
>> > enabled by default then tune my rule set myself. We currently get the
>> > 2.8_s rule set and a bunch of rules are turned off by default.
>> >
>> > We also use the FC-5 rules, so does that kind of make the pulled pork
>> > advantage pointless in the area of being able to handle SO rules?
>> >
>> > We are an integrator and I constantly have customers asking me why we
>> > don't have certain rules. So, when I research, it turns out we do; they
>> > were just turned off by default by Sourcefire.
>> >
>> >
>> >
>> > Thanks,
>> >
>> > Andy Berryman



