All Activity
- Last week
-
The WinIDS installation includes a Rules Updater utility (located in the WinSnort group in the Start Menu). By default, this utility performs a standard rule sync with Sourcefire and applies updates automatically. For administrators who require remote monitoring, the utility includes an optional Email Utility. When activated, it sends a status report to a designated email address, confirming whether rules were updated, already current, or if a validation error occurred.

Configuration Procedure

To activate and configure the email notification system, follow these steps:

1. Open the Script for Editing
   Navigate to your WinIDS installation directory and locate the PowerShell script:
   * Path: \scripts\rules-update.ps1
   * Action: Right-click the file and select Edit (or open it with Notepad/VS Code).

2. Enable the Mail Utility
   Locate the User Configuration section at the top of the script. Change the $sendmail value from 0 to 1:
   $sendmail = 1 # Activates the email reporting feature

3. Configure SMTP Settings
   Input your mail server details between the quotes in the configuration block:
   * $smtpServer: Your mail server address (e.g., smtp.gmail.com or internal relay IP).
   * $smtpPort: Use 587 for SSL/TLS or 25 for standard internal relays.
   * $smtpUser / $smtpPassword: Enter valid credentials if your server requires authentication.
   * $from / $to: Enter the sender and recipient email addresses.

4. Save and Test
   * Save the file.
   * Open the Start Menu and navigate to the WinSnort group.
   * Click the Rules Updater link to execute the script.
   * Observe the console output. If successful, you will see: An Email report of the Rules update has been sent...

Troubleshooting & Support

* Execution Policy: Ensure the script is run with Administrative privileges.
* Port Blocking: If using Port 25, ensure your antivirus or firewall is not blocking outbound SMTP traffic from PowerShell.
* Logs: Check the \pulledpork\log\ folder for detailed execution logs if an update fails.
* Technical Support: If you have issues during setup, please visit the WinSnort.com Forums under the Auto-Installer section for community-led support and troubleshooting tips.
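
A pre-flight check for the mail settings described in the post above, as an added example that is not part of the original post or of rules-update.ps1. It tests whether the SMTP port is reachable and whether broad groups can read the script, which holds $smtpPassword between quotes. The D:\winids root, the smtp.example.com placeholder, the function names and the English group names are assumptions.

```powershell
# Added example: pre-flight check for the Rules Updater mail settings.
# Assumptions: WinIDS root is D:\winids; smtp.example.com is a placeholder.
$scriptPath = 'D:\winids\scripts\rules-update.ps1'
$smtpServer = 'smtp.example.com'   # use the value you set in $smtpServer
$smtpPort   = 587                  # use the value you set in $smtpPort

function Test-SmtpReachable {
    param([string]$Server, [int]$Port)
    # A failed TCP connect here usually means a firewall or antivirus rule
    # is blocking outbound SMTP from this host.
    $result = Test-NetConnection -ComputerName $Server -Port $Port -WarningAction SilentlyContinue
    return [bool]$result.TcpTestSucceeded
}

function Get-BroadReadAce {
    param([string]$Path)
    # The script stores the SMTP password as text, so report Allow entries
    # that let broad groups read the file (English group names assumed).
    $broad    = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
    $readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broad -contains $_.IdentityReference.Value -and
        (([int]$_.FileSystemRights -band $readData) -ne 0)
    }
}

if (Test-SmtpReachable -Server $smtpServer -Port $smtpPort) {
    Write-Host "OK: ${smtpServer}:$smtpPort accepts TCP connections."
} else {
    Write-Warning "Cannot connect to ${smtpServer}:$smtpPort. Check firewall and antivirus rules."
}

$aces = @(Get-BroadReadAce -Path $scriptPath)
if ($aces.Count -gt 0) {
    Write-Warning "These groups can read ${scriptPath}, including the SMTP password:"
    $aces | ForEach-Object { Write-Warning "  $($_.IdentityReference.Value)" }
} else {
    Write-Host "OK: no broad read access on $scriptPath."
}
```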
-
If the High-Volume Logging/Testing option was enabled during the initial Auto-Installer setup, the system likely generated a significant number of events. While this setting is an excellent diagnostic tool to verify that the Windows Intrusion Detection System (WinIDS) is actively receiving data—especially in environments where default traffic might take hours to trigger an alert—it is recommended to revert to the default policy once connectivity is confirmed.

Procedure to Restore Default Rule Policy

Follow these steps to deactivate the testing rules and return to the standard configuration:

Modify Configuration:
* Navigate to the Pulledpork\etc folder via File Explorer.
* Right-click enablesid.conf and open it with Notepad.
* Locate the line beginning with pcre:.
* Comment out the line by adding a # at the start (e.g., # pcre:.)
* Save and exit.

Clear Temporary Files:
* Navigate to the Pulledpork\temp folder.
* Delete the two files located in this directory.
* Close File Explorer.

Update Rule Set:
* Open the Start Menu and open the WinSnort folder.
* Run the Rules Updater.

This process will fetch the latest rule definitions and reconfigure Snort to the default policy setting, ensuring optimal performance and manageable log volumes.
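
The first two steps of the procedure above as a script, as an added example that is not part of the original post or of the WinIDS package. It assumes the Pulledpork folder sits under a D:\winids root, keeps a backup of enablesid.conf, and refuses to delete anything if the temp folder does not hold exactly the two files the post describes.

```powershell
# Added example: revert the high-volume test policy. Run from an elevated prompt.
# Assumption: the Pulledpork folder is located at D:\winids\Pulledpork.
$pulledPork = 'D:\winids\Pulledpork'
$conf       = Join-Path $pulledPork 'etc\enablesid.conf'
$temp       = Join-Path $pulledPork 'temp'

# Step 1: comment out every active line that begins with "pcre:".
Copy-Item -Path $conf -Destination "$conf.bak" -Force   # keep a rollback copy
$changed = 0
$out = foreach ($line in Get-Content -Path $conf) {
    if ($line -match '^\s*pcre:') {
        $changed++
        "# $line"
    } else {
        $line
    }
}
if ($changed -gt 0) {
    Set-Content -Path $conf -Value $out
    Write-Host "Commented out $changed pcre: line(s) in $conf (backup: $conf.bak)."
} else {
    Write-Host "No active pcre: line found in $conf; file left unchanged."
}

# Step 2: clear the temp folder, but only if it looks the way the post describes.
$tempFiles = @(Get-ChildItem -Path $temp -File)
if ($tempFiles.Count -eq 2) {
    $tempFiles | Remove-Item -Force
    Write-Host "Deleted: $($tempFiles.Name -join ', ')"
} else {
    Write-Warning "Expected 2 files in $temp, found $($tempFiles.Count). Nothing deleted; review manually."
}

# Step 3 is manual: run the Rules Updater from the WinSnort folder in the Start Menu.
Write-Host "Next: run the Rules Updater to fetch rules and apply the default policy."
```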
-
Version
2 downloads
===============================================================================
WINIDS v2.4 - AUTOMATED INSTALLER
===============================================================================
This package automates the deployment of a complete Windows Intrusion Detection System. Designed for fresh installs of Windows 10/11 or Windows Server 2016-2024 (64-bit).

-------------------------------------------------------------------------------
1. PRE-INSTALLATION
-------------------------------------------------------------------------------
* Ensure you are working on a fresh OS installation.
* Extract this ZIP file into an empty folder (Pass: w1nsn03t.c0m).

-------------------------------------------------------------------------------
STEP 1: CONFIGURE THE DOWNLOADER/INSTALLER
-------------------------------------------------------------------------------
* Navigate to the extraction folder and open the 'config.conf' in Notepad.

Configure and update the following four variables:

$AllRules: Set to "Yes" for testing/high-volume logging or "No" for standard security defaults.
$TempDir: Local path for downloaded support files (e.g., "D:\temp").
$WinIDSRoot: Local path for the final installation (e.g., "D:\winids").
$Oinkcode: Your 40-character Snort subscriber code.

Save the file and exit Notepad.

-------------------------------------------------------------------------------
STEP 2: DOWNLOAD COMPONENTS
-------------------------------------------------------------------------------
Right-click the Downloader.exe file and Run as administrator.

NOTE: If a download fails due to site security, manually download the specific version mentioned in the error, place it in the $TempDir folder and re-run the script until all files are verified.

-------------------------------------------------------------------------------
STEP 3: INSTALL SYSTEM
-------------------------------------------------------------------------------
Once the downloads are complete, right-click the Installer.exe file and Run as administrator. The process takes ~10 minutes. The system will automatically reboot 30 seconds after completion.

-------------------------------------------------------------------------------
STEP 4: POST-INSTALLATION
-------------------------------------------------------------------------------
After reboot, check the Start Menu for the "WinSnort" folder containing:
* WinIDS Console (Event Monitoring)
* Rules Updater (PulledPork Utility)
* Database Utility (Database Maintenance)
===============================================================================
-
