Sagan support for pulledpork is limited only by the explicit file extension
matching in pulledpork's sub rule_extract.
Pulledpork does work to download, extract, and parse the .rule files. What does
not work is that pulledpork drops the other files that are not matched in the
rule_extract subroutine. Pulledpork also does not warn that unknown file types
were not examined, or saved.
Sagan and other similar snort based rulesets were supported by oinkmaster's
"update_files" directive.
update_files = \.rulebase$|\.rules$|\.config$|\.conf$|\.txt$|\.map$
Pulledpork could be updated to include a similar known file directive, or an
unknown filetype write directive to directory.
pulledpork options:
-x Keep unknown filetypes in the archive?
-U Where do you want me to put unknown filetypes in the archive that are not
processed by pulledpork?
FYI: Sagan was supported in oinkmaster for a while.
https://wiki.softwink.com/bin/view/Main/SaganOinkmaster
http://sagan.quadrantsec.com/rules/
Original issue reported on code.google.com by shado...@gmail.com on 7 May 2012 at 11:31
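
Added example (not part of the original issue and not pulledpork code): a pre-flight audit that lists which files in a rule tarball match the oinkmaster update_files pattern quoted above but would not be picked up by an extension match on .rules alone. ASSUMED_PULLEDPORK_MATCH is a stand-in assumption for the check in rule_extract, and the sample archive and its file names are constructed.

```python
import io
import re
import tarfile

# update_files pattern quoted in the issue (oinkmaster.conf syntax).
OINKMASTER_UPDATE_FILES = re.compile(
    r"\.rulebase$|\.rules$|\.config$|\.conf$|\.txt$|\.map$")
# Assumption: stand-in for pulledpork's extension match; check rule_extract
# in your pulledpork version for the real expression.
ASSUMED_PULLEDPORK_MATCH = re.compile(r"\.rules$")


def audit_archive(fileobj):
    """Sort regular files in a rule tarball into processed / dropped / unknown."""
    report = {"processed": [], "dropped": [], "unknown": []}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            name = member.name
            if ASSUMED_PULLEDPORK_MATCH.search(name):
                report["processed"].append(name)
            elif OINKMASTER_UPDATE_FILES.search(name):
                # oinkmaster would have kept this file; here it goes missing
                report["dropped"].append(name)
            else:
                report["unknown"].append(name)
    return report


def build_sample_archive():
    """Constructed sample: file names are made up, not a real Sagan release."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in ("rules/sshd.rules", "rules/sshd.rulebase",
                     "rules/classification.config", "rules/gen-msg.map",
                     "rules/README"):
            data = b"# constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for bucket, names in audit_archive(build_sample_archive()).items():
        print(f"{bucket}: {names}")
```

A non-empty "dropped" bucket means detection content such as .rulebase or .map files never reaches the sensor, with no warning from the updater.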