Snort mailing list archives
Re: Are so rules needed?
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Fri, 26 Sep 2014 21:12:15 +0000
Obviously you’ll be missing the detection that is present inside those files. However, the majority of the Shared Object rules contain the source code shipped in the tarball; you can compile them on your own machine. The only detection you miss will be the precompiled ones, as you mentioned, of which there are only a few left.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos

On Sep 26, 2014, at 1:14 PM, Robert Millott <robm () millottandassociates com> wrote:

> I'm running Snort/Barnyard on Gentoo. I am trying to configure PulledPork to handle my rule management. From what I can determine, there are no so_rules precompiled for Gentoo. I am not sure if I can get one of the other distros to work for it, but my question is, what am I missing if I don't have the so rules? Are the Shared Object rules required, and if I don't run them, am I missing any major functionality?
>
> Thanx for the help
>
> --
> Robert Millott
> President, Millott and Associates
> (443) 255-3588

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!