pulledpork
Pulled Pork for Snort and Suricata rule management (from Google code)
`pid_path=/var/snort/*/*pid*` or whatever. Original issue reported on code.google.com by `[email protected]` on 24 Feb 2012 at 8:34
I thought I opened a bug on this, but looking back apparently I didn't... The biggest problem I run into with PP is that there is only one enable...
Made the switch from et open to et pro. Using PP7.0, command line is here: `/opt/bin/pulledpork.pl -v -l -P -c /opt/etc/snort/pp.conf` `ignore=emerging-policy.rules` doesn't work Prepping rules from etpro.rules.tar.gz for...
I have been trying to compare results of different Snort rules with different policies: Connectivity, Security, Balanced, No-policy. While setting these for downloading different community rules using PulledPork, I was able to download...
Updates are required to support Snort/Suricata enhanced rule updates for ET Pro: For working versions of Snort: Snort v2.8.6.0-enhanced becomes snort-2.8.6-enhanced in the URL Snort v.2.9.8.3-enhanced becomes snort-2.9.0-enhanced in the...
Noticed some odd behavior if you accidentally pass a script to pulledpork that is not a configuration file (including itself pulledpork.pl -c pulledpork.pl) Should make sure bad things do not...
This will require some coding. When a ruleset provider stops distributing a file (altogether, not like, it's blank), for example protocol-icmp.so (a shared object rule file). PulledPork probably needs...
PP 0.7.0 completes normally in the terminal window. However PP 0.7.1 does not. My run line for PP is 'perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -vvT > d:\output.txt'. I'm using the same...
This issue is laziness, and should be addressed
From da_667 on IRC: Quick question for ya: How would one run pulledpork to update JUST the sid-msg.map? So my use case: add local rules update sid-msg.map and that's it