scowles

New to PulledPork- Dealing with SO_RULE

2 posts in this topic

I have completed installing and configuring for PulledPork.  Now I see all of these SO_RULES in the snort.conf file.  They are all commented out.  I am not catching any events.

I see no other rules in snort.conf other than SO_RULEs.  Are there supposed to be regular rules there?  If yes, how do I get them there?

I have started to read-

SO_Rules are not compatible with Windows.

Edited by scowles
Clarification


All the rules are now compiled into a single winids.rules file. If you are not catching events then there are a few reasons why.

1) HOME_NET is not set correctly

2) The '-ix' switch in the run line is pointing to the wrong interface

3) The Windows Intrusion Detection System is plugged into a switch that either is not capable of mirroring, or mirroring is not set up.
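Added example, not part of either post: a small Python check for the first reason above (HOME_NET) and for the commented-out rule includes mentioned in the question. It assumes Snort 2 style `ipvar`/`var HOME_NET` and `include ... .rules` lines in snort.conf; the sample config, the IP addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config for illustration; not taken from the thread.
SAMPLE_CONF = r"""
ipvar HOME_NET 192.168.1.0/24
# include $SO_RULE_PATH/exploit.rules
# include $RULE_PATH/winids.rules
"""

HOME_RE = re.compile(r"^\s*(?:ip)?var\s+HOME_NET\s+(.+?)\s*$", re.I)
INCLUDE_RE = re.compile(r"^\s*(#?)\s*include\s+(\S+\.rules)\s*$", re.I)


def home_net_covers(value, ip):
    """True/False if HOME_NET can be evaluated against ip, None if it cannot."""
    if value.lower() == "any":
        return True
    try:
        nets = [ipaddress.ip_network(v.strip(), strict=False)
                for v in value.strip("[]").split(",")]
    except ValueError:  # negations, nested lists, $VARIABLE references
        return None
    return any(ipaddress.ip_address(ip) in n for n in nets)


def check_conf(conf_text, monitored_ip):
    """Return a list of findings for the HOME_NET and rule-include checks."""
    home_net, active, commented = None, [], []
    for line in conf_text.splitlines():
        if m := HOME_RE.match(line):
            home_net = m.group(1)
        elif m := INCLUDE_RE.match(line):
            # A leading '#' means the include is commented out.
            (commented if m.group(1) else active).append(m.group(2))
    findings = []
    if home_net is None:
        findings.append("HOME_NET is not defined")
    else:
        covered = home_net_covers(home_net, monitored_ip)
        if covered is None:
            findings.append(f"HOME_NET {home_net} needs manual review")
        elif not covered:
            findings.append(f"HOME_NET {home_net} does not cover {monitored_ip}")
    if not active:
        findings.append(f"no active rule include ({len(commented)} commented out)")
    return findings

if __name__ == "__main__":
    print("\n".join(check_conf(SAMPLE_CONF, "10.0.0.5")))
```

The interface number passed with the `-ix` switch and the switch's mirroring setup are outside snort.conf and still have to be checked on the sensor and the switch.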

 
