
SANS ISC: PulledPork v0.4.1 is released! SANS ISC InfoSec Forums

PulledPork v0.4.1 is released!


PulledPork is the 'newest' Snort rule updater. Written by JJ Cummings, a Sourcefire guy like myself, and maintainer of, it is a great way to keep your Snort rules up to date. In addition to all the wonderful things that PulledPork does already (namely, it updates and auto-maintains Snort's SO rules!), the new version has these features:

New Features/changes:

- Flowbit tracking! - This means that all flowbits are not enabled when a specific base ruleset is specified (security etc...) but rather all flowbits are now tracked, allowing for only those that are required to be enabled.

- Adjusted pulledpork.conf to account for new snort rules tarball naming and packing scheme, post Snort 2.8.6 release.

- Added option to specify all rule modification files in the master pulledpork.conf file - feature request 19.

- Added capability to specify base ruleset (see README.RULESETS) in master pulledpork.conf file.

- Handle preprocessor and sensitive-information rulesets

Bug Fixes:

- 18 - non-rule lines containing the string sid:xxxx were being populated into the rule data structure, added an extra check to ensure that this does not occur

- Cleaned up href pointers, syntactical purposes only...

- Modified master config to allow for better readability on smaller console based systems

- Error output was not always returning full error

Be sure and go here to download the newest update!

Be sure and read my other two posts in order to make sure you are fully up to date with everything going on.


-- Joel Esler


454 Posts
ISC Handler
Apr 27th 2010
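To illustrate the flowbit tracking and the fix for bug 18 listed in the post above, here is an added example (not PulledPork's own code, and not from the post's author). It assumes disabled rules appear as commented-out rule lines; the sample rules and the function names `parse_rules` and `resolve_flowbits` are constructed for this sketch.

```python
import re

# Constructed sample ruleset for illustration; not taken from any real rule tarball.
SAMPLE_RULES = r'''
# Tuning note: replaces sid:9999; (a comment, must not be parsed as a rule)
# alert tcp any any -> any 80 (msg:"login seen"; flowbits:set,http.login; flowbits:noalert; sid:1001; rev:1;)
# alert tcp any any -> any 80 (msg:"stage two"; flowbits:isset,http.login; flowbits:set,http.stage2; sid:1002; rev:1;)
alert tcp any any -> any 80 (msg:"final stage"; flowbits:isset,http.stage2; sid:1003; rev:1;)
# alert tcp any any -> any 21 (msg:"unrelated setter"; flowbits:set,ftp.seen; sid:1004; rev:1;)
alert tcp any any -> any 25 (msg:"no flowbits"; sid:1005; rev:1;)
'''

# A rule line starts with an action (optionally commented out) and has an option body.
RULE_RE = re.compile(r'^(#\s*)?(?:alert|log|pass|drop|reject|sdrop)\s.*\(.*\)$')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
FLOWBIT_RE = re.compile(r'flowbits\s*:\s*(\w+)\s*(?:,\s*([^;,]+))?')
SETTERS = {"set", "setx", "toggle"}
CHECKERS = {"isset", "isnotset"}

def parse_rules(text):
    """Return {sid: {"enabled", "sets", "checks"}}, skipping non-rule lines."""
    rules = {}
    for line in map(str.strip, text.splitlines()):
        shape, sid = RULE_RE.match(line), SID_RE.search(line)
        if not (shape and sid):
            continue  # plain comments mentioning sid:NNNN are ignored here
        rule = {"enabled": shape.group(1) is None, "sets": set(), "checks": set()}
        for action, names in FLOWBIT_RE.findall(line):
            bits = {b.strip() for b in re.split(r'[&|]', names) if b.strip()}
            if action in SETTERS:
                rule["sets"] |= bits
            elif action in CHECKERS:
                rule["checks"] |= bits
        rules[int(sid.group(1))] = rule
    return rules

def resolve_flowbits(rules):
    """Enable disabled rules that set a flowbit an enabled rule checks; return their SIDs."""
    pulled_in, changed = [], True
    while changed:  # repeat: a newly enabled setter may itself check another bit
        changed = False
        needed = set().union(*(r["checks"] for r in rules.values() if r["enabled"]))
        for sid, rule in sorted(rules.items()):
            if not rule["enabled"] and rule["sets"] & needed:
                rule["enabled"] = True
                pulled_in.append(sid)
                changed = True
    return pulled_in

if __name__ == "__main__":
    print(resolve_flowbits(parse_rules(SAMPLE_RULES)))
```

Only the setters that an enabled rule depends on (directly or through a chain) are switched on; the unrelated setter stays disabled, so detection coverage is preserved without enabling every flowbit rule.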
The certificate of your friends' site has expired in March...

7 Posts

Good observation, I'll try to get it updated shortly!
