
Posted (edited)

I have completed installing and configuring PulledPork. Now I see all of these SO_RULES in the snort.conf file. They are all commented out. I am not catching any events.

I see no other rules in snort.conf other than SO_RULEs.  Are there supposed to be regular rules there?  If yes, how do I get them there?

I have started to read-

SO_Rules are not compatible with Windows.

Edited by scowles
Clarification
Posted

All the rules are now compiled into a single winids.rules file. If you are not catching events then there are a few reasons why.

1) HOME_NET is not set correctly

2) The '-ix' switch in the run line is pointing to the wrong interface

3) The Windows Intrusion Detection System is plugged into a switch that either is not capable of mirroring, or mirroring is not set up.
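
An added example, not part of either post: a small offline check of a snort.conf for the first cause above (a monitored host outside HOME_NET) and for an active include of winids.rules. The sample configuration, its paths and networks, and the function names are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample snort.conf fragment; paths and networks are hypothetical.
SAMPLE_CONF = r"""
ipvar HOME_NET [192.168.10.0/24,10.0.5.0/24]
ipvar EXTERNAL_NET !$HOME_NET
var RULE_PATH c:\snort\rules
include $RULE_PATH\winids.rules
# include $SO_RULE_PATH\browser-ie.rules
"""

def parse_conf(text):
    """Return (variables, active_includes); commented-out lines are ignored."""
    variables, active = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"(?:ip)?var\s+(\S+)\s+(.+)", line)
        if m:
            variables[m.group(1)] = m.group(2).strip()
        elif re.match(r"include\s+\S", line):
            active.append(line.split(None, 1)[1])
    return variables, active

def home_net_covers(home_net, host):
    """True if host is inside a literal HOME_NET ('any', one CIDR, or a [list]).
    Negated (!) and $variable entries are skipped, not evaluated."""
    if home_net.strip().lower() == "any":
        return True
    addr = ipaddress.ip_address(host)
    entries = [e.strip() for e in home_net.strip("[] ").split(",")]
    return any(addr in ipaddress.ip_network(e, strict=False)
               for e in entries if e and not e.startswith(("!", "$")))

def diagnose(text, monitored_host):
    """List configuration problems that would explain an empty event log."""
    variables, active = parse_conf(text)
    findings = []
    home = variables.get("HOME_NET")
    if home is None:
        findings.append("HOME_NET is not defined")
    elif not home_net_covers(home, monitored_host):
        findings.append(f"{monitored_host} is outside HOME_NET {home}")
    if not any(p.lower().endswith("winids.rules") for p in active):
        findings.append("no active include for winids.rules")
    return findings

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF, "192.168.10.20") or "config looks consistent")
```

The interface and switch-mirroring causes cannot be read from the configuration file and have to be checked on the sensor and the switch.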
