Ongoing updating


I have followed your excellent tutorials and installed WinIDS with MySQL, Barnyard2 and Pulled Pork. Before I got Pulled Pork installed, I had lots of alerts, but after applying it, I haven't seen any new alerts since last thing on Friday. I hope that is a good thing!

To keep the rules up to date, do I create a Schedule Task to run a batch file with:

rem Discard the previous backup and snapshot the current rule set
rd d:\winids\snort-old /S /Q
xcopy /E /I d:\winids\snort d:\winids\snort-old
rem Fetch and process the latest rules (-T: text rules only, no so_rules)
perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -T
rem Restart the sensor so it loads the new rules
net stop snort & net start snort

Perhaps once per day?

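As an added example (not the poster's batch file or anything from the WinIDS tutorials), the same daily update written as a PowerShell script that only restarts Snort after the new rule set passes a `snort -T` config test, and otherwise restores the backup. Paths follow the thread; the snort.exe and snort.conf locations are assumptions.

```powershell
# Daily rule update with a config test and rollback (added example; paths from the thread)
$SnortDir   = 'd:\winids\snort'
$BackupDir  = 'd:\winids\snort-old'
$PulledPork = 'd:\winids\pulledpork\pulledpork.pl'
$PpConf     = 'd:\winids\pulledpork\etc\pulledpork.conf'
$SnortExe   = "$SnortDir\bin\snort.exe"   # assumed location
$SnortConf  = "$SnortDir\etc\snort.conf"  # assumed location

function Test-SnortConfig {
    # snort -T parses the config and every rule file without sniffing;
    # a non-zero exit code means the new rule set would not load
    & $SnortExe -c $SnortConf -T | Out-Null
    return ($LASTEXITCODE -eq 0)
}

# 1. Keep exactly one known-good copy of the current rules
if (Test-Path $BackupDir) { Remove-Item $BackupDir -Recurse -Force }
Copy-Item $SnortDir $BackupDir -Recurse

# 2. Pull and process new rules (-T: text rules only, as in the thread)
& perl $PulledPork -c $PpConf -T
if ($LASTEXITCODE -ne 0) {
    Write-Error "PulledPork failed; existing rules left in place, Snort not restarted"
    exit 1
}

# 3. Restart the sensor only if the new rule set actually loads
if (Test-SnortConfig) {
    Restart-Service -Name snort
    Write-Output "Rules updated and Snort restarted"
} else {
    # Roll back so the sensor never comes back up with a broken rule set
    Remove-Item $SnortDir -Recurse -Force
    Copy-Item $BackupDir $SnortDir -Recurse
    Write-Error "New rules failed 'snort -T'; previous rules restored, Snort left running"
    exit 1
}

# Schedule once a day (run once, from an elevated prompt), e.g.:
#   schtasks /create /sc daily /st 03:00 /tn "WinIDS rule update" /tr "powershell -File d:\winids\update-rules.ps1"
```

Because Snort is only restarted on success, a bad download or a rule that fails to parse leaves the sensor running on yesterday's rules instead of silently stopping alerts.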

Pulledpork runs a specific set of rules based on policy set in the pulledpork.conf. There are 4 conf files located in the etc folder that will include, exclude, disable, or drop rules based on your specific needs.

The default set of activated rules prior to installing PulledPork has more rules activated by default. PulledPork drills down into the more relevant rules based on policy.

You will need to figure out what is best to include or exclude based on your needs using the .

There is a Pulledpork user group that could be very helpful here. Also, you can ask questions on the Snort mailing list.

