[Snort-users] Fine tuning Snort

Joel Esler jesler at ...1935...
Sat Oct 9 13:04:18 EDT 2010


The biggest change is that PulledPork manages your rules. All rules are therefore put into one file, instead of the broken-out categories.

Plus you get the ability to manage your rulesets by the Sourcefire default recommendations. 



On Oct 9, 2010, at 10:19 AM, James Lay <jlay at ...13475...> wrote:

> Thanks Shawn....I suspect I will have to go to Pulled Pork at some
> time...I hope it's not too much of a hassle ;)
> 
> James
> 
> On 10/8/10 10:02 AM, "Jefferson, Shawn" <Shawn.Jefferson at ...14448...>
> wrote:
> 
>> PulledPork has this functionality built in.. you can disable rules based
>> on a PCRE.  I don't run McAfee VirusScan for instance, so I can disable
>> all current and all future rules for it.  Also, it's currently being
>> developed, unlike Oinkmaster.
>> 
>> 
>> -----Original Message-----
>> From: Josh Little [mailto:josh at ...14998...]
>> Sent: Friday, October 08, 2010 6:09 AM
>> To: snort-users at lists.sourceforge.net
>> Subject: Re: [Snort-users] Fine tuning Snort
>> 
>> I have a small tool written in Perl called Pigsty that will automate
>> finding any sigs in your enabled ruleset that match a pattern. The tool
>> will output a list of disablesid lines that you can then drop into your
>> oinkmaster.conf file or have the tool directly append the file. This
>> makes cleaning up your current rules much easier. You could probably
>> modify the oinkmaster Perl script to run Pigsty just after the latest
>> sigs are downloaded and before the routine for commenting out disabled
>> sids completes.
>> 
>> Find it at http://zombietango.com/blog/tools/
>> 
>> ZT
>> 
>> 
>> --------------------------------------------------------------------------
>> ----
>> Beautiful is writing same markup. Internet Explorer 9 supports
>> standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
>> Spend less time writing and  rewriting code and more time creating great
>> experiences on the web. Be a part of the beta today.
>> http://p.sf.net/sfu/beautyoftheweb
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 
> 
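The pattern-based disabling discussed in this thread, as an added example that is not part of the original messages and is not the code of Pigsty, PulledPork or Oinkmaster: it scans enabled rules for a `msg` matching a regular expression and emits `disablesid` lines for `oinkmaster.conf`. The function names are hypothetical, the sample rules and SIDs are constructed, and it assumes one rule per line (no backslash continuations).

```python
import re

# Constructed sample rules (not from a real ruleset); SIDs and messages are made up.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 8081 (msg:"EXAMPLE McAfee agent overflow attempt"; content:"|41 41|"; sid:1000001; rev:2;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 8081 (msg:"EXAMPLE McAfee already disabled"; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE web traversal attempt"; content:"../"; sid:1000003; rev:5;)
alert udp $EXTERNAL_NET any -> $HOME_NET 8082 (msg:"EXAMPLE mcafee console probe"; gid:1; sid:1000004; rev:1;)
'''

# msg option value, allowing escaped quotes inside the string.
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop", "activate", "dynamic")


def matching_sids(rules_text, pattern):
    """Return sorted (sid, msg) pairs for enabled rules whose msg matches pattern."""
    rx = re.compile(pattern, re.IGNORECASE)
    hits = set()
    for line in rules_text.splitlines():
        line = line.strip()
        # Blank lines and commented-out (already disabled) rules are skipped.
        if not line or line.startswith("#"):
            continue
        # Anything that does not start with a rule action is not a rule.
        if not line.startswith(ACTIONS):
            continue
        msg, sid = MSG_RE.search(line), SID_RE.search(line)
        if msg and sid and rx.search(msg.group(1)):
            hits.add((int(sid.group(1)), msg.group(1)))
    return sorted(hits)


def disablesid_lines(rules_text, pattern):
    """Build oinkmaster.conf lines: a comment with the msg, then the disablesid entry."""
    out = []
    for sid, msg in matching_sids(rules_text, pattern):
        out.append(f"# {msg}")
        out.append(f"disablesid {sid}")
    return out


if __name__ == "__main__":
    print("\n".join(disablesid_lines(SAMPLE_RULES, r"mcafee")))
```

Review the generated list before appending it to the configuration, since a broad pattern also silences rules you may still want.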



