scowles Posted June 4, 2015 (edited)

I have completed installing and configuring for PulledPork. Now I see all of these SO_RULES in the snort.conf file. They are all commented out. I am not catching any events. I see no other rules in snort.conf other than SO_RULEs. Are there supposed to be regular rules there? If yes, how do I get them there? I have started to read: SO_Rules are not compatible with Windows.

Edited June 5, 2015 by scowles: Clarification

Morpheus Posted June 5, 2015

All the rules are now compiled into a single winids.rules file. If you are not catching events then there are a few reasons why.

1) HOME_NET is not set correctly
2) The '-ix' switch in the run line is pointing to the wrong interface
3) The Windows Intrusion Detection System is plugged into a switch that either is not capable of mirroring, or mirroring is not set up.