Last Updated: 2010-04-27 12:06:02 UTC
by Joel Esler (Version: 2)
PulledPork is the 'newest' Snort rule updater. Written by JJ Cummings, a Sourcefire guy like myself and the maintainer of https://www.openpacket.org, it is a great way to keep your Snort rules up to date. In addition to all the wonderful things that PulledPork does already (namely, it updates and auto-maintains Snort's SO rules!), the new version has these features:
- Flowbit tracking! - Specifying a specific base ruleset (security etc...) no longer enables every flowbit; instead, all flowbits are now tracked, so that only those that are required are enabled.
- Adjusted pulledpork.conf to account for new snort rules tarball naming and packing scheme, post Snort 2.8.6 release.
- Added option to specify all rule modification files in the master pulledpork.conf file - feature request 19.
- Added capability to specify base ruleset (see README.RULESETS) in master pulledpork.conf file.
- Handle preprocessor and sensitive-information rulesets
- 18 - Non-rule lines containing the string sid:xxxx were being populated into the rule data structure; added an extra check to ensure that this does not occur
- Cleaned up href pointers, syntactical purposes only...
- Modified master config to allow for better readability on smaller console based systems
- Error output was not always returning full error
Be sure and go here to download the newest update!
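
To make the flowbit tracking and the non-rule `sid:` check from the list above concrete, here is an added Python sketch; it is not PulledPork's own code (PulledPork is a separate tool with its own implementation). The sample rules, SIDs and flowbit names are constructed, and the function names `parse_rules` and `resolve_flowbits` are hypothetical.

```python
import re

# Constructed sample rules file; a leading "#" marks a disabled rule.
SAMPLE_RULES = """\
# Note to self: sid:9999 is mentioned here, but this line is not a rule
alert tcp any any -> any 80 (msg:"checks bit"; flowbits:isset,http.req; sid:1001; rev:1;)
# alert tcp any any -> any 80 (msg:"sets bit"; flowbits:set,http.req; flowbits:noalert; sid:1002; rev:1;)
# alert tcp any any -> any 21 (msg:"unrelated"; flowbits:set,ftp.login; sid:1003; rev:1;)
# alert tcp any any -> any 80 (msg:"chained"; flowbits:isset,tls.seen; flowbits:set,http.req; sid:1004; rev:1;)
# alert tcp any any -> any 443 (msg:"sets tls"; flowbits:set,tls.seen; flowbits:noalert; sid:1005; rev:1;)
"""

# A line counts as a rule only if it has an action, a header and an option body with a sid.
RULE = re.compile(r'^\s*(#\s*)?(?:alert|log|pass|drop|reject|sdrop)\s+[^(]+\(.*\bsid\s*:\s*(\d+)\s*;.*\)\s*$')
FLOWBIT = re.compile(r'flowbits\s*:\s*(\w+)\s*(?:,\s*([^;,]+))?')
SETTERS = {"set", "setx", "toggle"}
CHECKERS = {"isset", "isnotset"}

def parse_rules(text):
    """Return {sid: {"enabled", "sets", "checks"}}, skipping non-rule lines."""
    rules = {}
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # comments and prose, even ones containing "sid:1234"
        sets, checks = set(), set()
        for op, names in FLOWBIT.findall(line):
            bits = {b.strip() for b in re.split(r'[&|]', names) if b.strip()}
            if op in SETTERS:
                sets |= bits
            elif op in CHECKERS:
                checks |= bits
        rules[int(m.group(2))] = {"enabled": m.group(1) is None, "sets": sets, "checks": checks}
    return rules

def resolve_flowbits(rules):
    """Enable disabled rules that set a bit an enabled rule checks; repeat to a fixpoint."""
    newly_enabled = set()
    changed = True
    while changed:
        changed = False
        needed = set().union(*(r["checks"] for r in rules.values() if r["enabled"]))
        for sid, r in rules.items():
            if not r["enabled"] and r["sets"] & needed:
                r["enabled"] = True
                newly_enabled.add(sid)
                changed = True
    return newly_enabled

if __name__ == "__main__":
    print(sorted(resolve_flowbits(parse_rules(SAMPLE_RULES))))
```

The second pass matters: enabling 1004 introduces a new dependency on `tls.seen`, which is why 1005 is picked up while the unrelated setter 1003 stays disabled.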