NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Snort IDS> 2010-08

Re: [Snort-users] Snorby SBSA

From: JJ Cummings (cummingsjgmail.com)
Date: Fri Aug 27 2010 - 13:16:08 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Another note, the current development version of pulledpork (svn) will let you download multiple rulesets and output a single unified sid-msg.map

Sent from the iRoad

On Aug 27, 2010, at 10:15, "Jefferson, Shawn" <Shawn.Jeffersonbcferries.com> wrote:

> Not exactly at the same time, but with separate configs... and you need to have your configs setup properly so that pulledpork creates the sid-msg.map by merging the two runs-by specifying the rule files as "local" rule files.
>
> There are a few things that pulledpork does different (and some of them automatically!) than oinkmaster, but once you figure that out, pulledpork is awesome.
>
> -----Original Message-----
> From: Joel Esler [mailto:jeslersourcefire.com]
> Sent: Friday, August 27, 2010 8:51 AM
> To: Christopher A. Libby
> Cc: snort-userslists.sourceforge.net
> Subject: Re: [Snort-users] Snorby SBSA
>
> Pulledpork will handle both ET and VRT rules at the same time, plus SO.
>
>
>
> ------------------------------------------------------------------------------
> Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
> Be part of this innovative community and reach millions of netbook users
> worldwide. Take advantage of special opportunities to increase revenue and
> speed time-to-market. Join now, and jumpstart your future.
> http://p.sf.net/sfu/intel-atom-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
Be part of this innovative community and reach millions of netbook users
worldwide. Take advantage of special opportunities to increase revenue and
speed time-to-market. Join now, and jumpstart your future.
http://p.sf.net/sfu/intel-atom-d2d
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]