New Features/changes:
- Flowbit tracking! - This means that all flowbits are not enabled when a specific base ruleset is specified (security etc...) but rather all flowbits are now tracked, allowing for only those that are required to be enabled.
- Adjusted pulledpork.conf to account for new snort rules tarball naming and packing scheme, post Snort 2.8.6 release.
- Added option to specify all rule modification files in the master pulledpork.conf file - feature request 19.
- Added capability to specify base ruleset (see README.RULESETS) in master pulledpork.conf file.
- Handle preprocessor and sensitive-information rulesets
Bug Fixes:
- 18 - non-rule lines containing the string sid:xxxx were being populated into the rule data structure, added an extra check to ensure that this does not occur
- Cleaned up href pointers, syntatical purposes only...
- Modified master config to allow for better readability on smaller console based systems
- Error output was not always returning full error
Be sure and go here to download the newest update!
http://code.google.com/p/pulledpork/
Be sure and read my other two posts in order to make sure you are fully up to date with everything going on.
Subscribe to:
Post Comments (Atom)
Evernote, Omnifocus, and my productivity
Over the past several years my job here at Cisco Talos has changed drastically. I took on new roles, which is awesome and exciting, but in ...
-
Without going off the deep-end here and discussing every single Snort rule keyword, I just wanted to touch on a few modifiers that people so... -
Let me start off by saying I'm not bashing the writer of this article, and I'm trying not to be super critical. I don't want to...
-
1. I don't feel like I have much to say. I do a tremendous amount of writing and blogging on the Snort, ClamAV, and Talos blogs. So...
1 comment:
[...] This post was mentioned on Twitter by JoelEsler, JoelEsler. JoelEsler said: PulledPork v0.4.1 released! http://goo.gl/fb/1FM1s [...]
Post a Comment