shirkdog / pulledpork

Pulled Pork for Snort and Suricata rule management (from Google code)
GNU General Public License v2.0

Process Snort 3 rules #297

Closed vrtadmin closed 3 years ago

vrtadmin commented 6 years ago

Since Snort 3's ruleset is different in structure, there is going to be a lot to look at in pulledpork to ensure compatibility to handle the different functions of pulledpork. (Drop enablement, policy usage, suppression, commenting rules out, ignoring rules, etc.)

DigiAngel commented 3 years ago

Any status on this?

finchy commented 3 years ago

It should work with the older snortrules-snapshot structure, AFAIK. PulledPork doesn't yet handle the light speed package.

DigiAngel commented 3 years ago

Ok cool...might have to just grep/sed/awk my way to freedom until this pans out :)

DigiAngel commented 3 years ago

This does not appear to be the case:

Checking latest MD5 for snortrules-snapshot-3140.tar.gz....
Error downloading https://www.snort.org/rules/snortrules-snapshot-3140.tar.gz.md5?oinkcode=<snip>: 422 Unprocessable Entity [ 422 ]

finchy commented 3 years ago

Creating a new rule package each Snort 3 release will become unsustainable really fast. PulledPork 3 that supports LSP needs to be where we go. 3140, in the meantime, will be posted tomorrow.

finchy commented 3 years ago

Closing this, as this work has shifted to pulledpork3