I'm trying to figure out best practice for running Snort on OpenWrt (18.06.01). I can get the package running but there are some challenges:
1. Setting up rule sets natively is extremely manual.
2. Correcting rule errors is challenging.
3. Information on the best rule sets to use (preprocessors, rules to use, shared objects) is non-existent.
So here are my questions:
1. Can I use PulledPork to process the rule updates off-box using CentOS 7?
2. If the above isn't the right methodology, what is the best way to automate correcting rules errors?
3. Is there best practice information about running Snort on embedded OS devices?
Thanks in advance for the assist!