[Snort-users] Pulled Pork

JJ Cummings cummingsj at ...11827...
Tue Oct 30 09:58:54 EDT 2012


Pulledpork is free, just like snort itself.

Sent from the iRoad

On Oct 30, 2012, at 3:14, Peter Bates <peter.bates at ...15381...> wrote:

> 
> Hello all
> 
> On 30/10/2012 08:49, k vijay sai prashanth wrote:
>> So basically there is a 30 day trial during which you can only update the
>> rules once every 15 minutes? Isn't that a reasonable enough amount of time? How
>> much is the small amount that you are referring to? I wanted to install
>> PulledPork for the IDS installed for my organization. Is this an annual
>> amount?
> 
> You might be best looking at:
> http://www.snort.org/vrt/buy-a-subscription
> 
> In a nutshell - you can register for an account on snort.org, get an 'oinkcode'
> and then download the rules for free - but they will be 30 days behind.
> 
> The paid subscription gives you access to the rules when they are released.
> 
>> Also about installing a front-end for my snort. What is the ideal
>> database architecture when dealing with multiple sensors? Does each sensor
>> have its own database, or do all the sensors log events to a common database
>> server on which the front-end software [like snorby or aanval] is installed,
>> or is there any other way this is implemented?
> 
> The latter makes more sense - have Snort write unified2 logfiles, then use Barnyard2
> to write to your database.
> It's important to set unique values for your sensors - if they're on different hosts
> then the hostname will be used but if you have multiple instances running on the same host
> you probably need to look at the -i option for Barnyard2.
> 
> --
> Peter Bates
> Senior Information Security Officer   Phone: +44(0)2076792049
> Information Services Division          Internal Ext: 32049
> University College London
> London WC1E 6BT