Dheeraj

Results 20 comments of Dheeraj

I have also encountered this issue. There is a large difference between how Snort2 and Snort3 handle and package SO rules. I will try to document my findings here. ##...

@shirkdog I have created PR #363 which modifies pulledpork script so that it can be used to dump dynamic rules in both Snort2 and Snort3. I have tested it and...

I think this can now be closed as #363 has merged. There may be a need to update documentation regarding distros for Snort3 being different from Snort2.

@seanjowen I tried it on my system with and without the parentheses (`(` and `)`) and both times the rules extracted OK. I am on CentOS-7 (although I manually set...

@seanjowen Thanks for clearing it up! And thanks goes to @shirkdog who is the author/maintainer.

This is more in line with #359 and even that can now be closed as #363 has now merged. But the problem I see here is that with Snort3 there...

Seeing as ES-8x is now pretty stable, it would be great to have a DSL-8.x release. We have jobs that rely on DSL and we are not sure if existing...

@PlugaruT You can clone the source, edit the file and change version to anything unreleased (7.4.1 or 7.5 or even 7.9.9). Then build the python package and use it directly...

We are facing a similar issue while running Zeek-4.1.1 on CentOS-7. In our case, we are sure that our IO cannot keep up with the pace of event generation during...

@timwoj I have enabled jemalloc profiling. Unfortunately I am on CentOS-7 and the jemalloc binary is v3.6.0 which does not provide `jeprof`, so plugin's processing is not working. I do...