[Snort-users] Pulledpork Item

JJC cummingsj at ...11827...
Mon Jun 27 13:01:17 EDT 2011


Bill,

I already responded in the other message that you sent to the PP google
group, but I'll paste below my response:

like a local rules file?
> There is a script under contrib/ of pulledpork that converts oinkmaster
> stuff to pulledork configs


JJC

On Mon, Jun 27, 2011 at 10:54 AM, Bill Pickens <wmpickens at ...11827...> wrote:

> Hopefully I can get an answer in this forum.
>
> Hello Everyone,
> I have been working with snort for about a year and have managed
> signatures using other products.
> I was looking into using PP as another option.
>
> I downloaded 0.6.0 and have it functioning.
>
> Can PP read exisitng rule files that have disabled rules by comment in the
> rule file and build the new rules files with the existing disabled rules,
> disabled?
>
> If not, does someone have a unix shell script that can create a
> disablesid.conf from exiting rules files?
>
> Thanks for any help.
>
>
> ------------------------------------------------------------------------------
> All of the data generated in your IT infrastructure is seriously valuable.
> Why? It contains a definitive record of application performance, security
> threats, fraudulent activity, and more. Splunk takes this data and makes
> sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-d2d-c2
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please see http://www.snort.org/docs for documentation
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110627/d2288fa0/attachment.html>


More information about the Snort-users mailing list