Updating snort rules automatically

security ids snort

Pulled Pork is now considered the recommended rule updating system for Snort. While it is not an official Sourcefire product, it is developed by a Sourcefire employee.

The syntax is slightly more complicated than oinkmaster, however a contributed script, oink-conv.pl, will read in your oinkmaster config and convert it to pulledpork syntax making system conversions much easier.

In addition to update standard rules, it is also capable of managing the so_rules that were previously a manual process.


Oinkmaster is the recommended and best way to keep your rules updated. It is a simple script that's why it hasn't been updated in a while.

This is a good howto: http://taosecurity.blogspot.com/2004/07/using-oinkmaster-to-update-snort-rules.html

Related

What are EC2 Best Practices?
"Touching" software deployment group policy programmatically or via script
The directory service has exhausted the pool of relative identifiers
Using wget to fetch password protected website (trac wiki page)
Finding the root cause of 100% iowait in Linux
Can Ubuntu/Samba access DFS shares on Windows Server?
Re-compiling PHP
Exclude files / dirs logrotate
Low disk space email alert
Does an ADFS v2 server have to be on the actual domain server?
Squid authentication encryption
Using slapcat to backup LDAP