- Emerging Threats GPL (no oinkcode required)
- Emerging Threats PRO (requires ETPRO oinkcode)
- Snort VRT ruleset and Emerging Threats NoGPL ruleset (requires Snort VRT oinkcode)
- Snort VRT ruleset only and set a VRT policy (requires Snort VRT oinkcode)
Thanks!
Devlin,
The community ruleset (Emerging Threats GPL (no oinkcode required)) does not require an oinkcode, however, the others require an oinkcode, obtained via a paid subscription.
Each ruleset may have different/additional/more rules not available in the community ruleset.
You can see more about the rulesets here:
https://www.snort.org/downloads
https://www.snort.org/talos
http://doc.emergingthreats.net/bin/view/Main/EmergingFAQ
https://www.proofpoint.com/us/solutions/products/threat-intelligence/ET-Pro-Ruleset
You can find out which ruleset(s) you currently have enabled (it will be un-commented), by navigating to /etc/nsm/pulledpork/pulledpork.conf
Thanks,
Wes
Thank you,
D.
Devlin,
You shouldn't need an oinkcode for the community rules.
You can just select the first ruleset during setup and you should be good to go.
Otherwise, if you wish to use the other rulesets, you will need to pay for the ruleset subscription.
Thanks,
Wes
I think you still need an oinkcode for the community Sourcefire rules. You can get one by creating a login.
Shane
Kyle,
In the future, please start a new thread before replying to an old one:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists#start-a-new-thread-instead-of-replying-to-an-old-one
The registered option, as described, requires an oinkcode, which can be entered during setup or in /etc/nsm/pulledpork/pulledpork.conf.
The subscriber option also requires an oinkcode, which can be entered during setup or in /etc/nsm/pulledpork/pulledpork.conf.
The community ruleset does not require an oinkcode, and should be enabled (/etc/nsm/pulledpork/pulledpork.conf) when a registered option is used.
You could consider the registered option in-between that of subscriber and community ruleset -- it does not cost anything to use, but it requires registration.
Thanks,
Wes
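
The check described in the replies above (an enabled ruleset is an un-commented line in /etc/nsm/pulledpork/pulledpork.conf, and some rulesets need an oinkcode) can be scripted. This is an added example, not part of the original thread or of Security Onion's own tooling. It assumes the stock PulledPork `rule_url=<base url>|<file name>|<oinkcode>` layout, with `open` or `Community` in the third field for rulesets that need no code; the sample configuration and the `example.invalid` entries are constructed.

```shell
#!/bin/sh
# Report which rule_url entries are enabled (un-commented) in a pulledpork.conf
# and whether each has an oinkcode, without ever printing the code itself.
# Assumed layout: rule_url=<base url>|<file name>|<oinkcode or open/Community>
enabled_rulesets() {
    awk '
        /^[ \t]*#/ { next }                       # commented out = disabled
        /^[ \t]*rule_url[ \t]*=/ {
            sub(/^[ \t]*rule_url[ \t]*=[ \t]*/, "")
            n = split($0, f, "|")
            code = (n >= 3) ? f[3] : ""
            gsub(/[ \t\r]+$/, "", code)
            lc = tolower(code)
            if (code == "" || code ~ /^<.*>$/)    # empty or template placeholder
                status = "oinkcode-missing"
            else if (lc ~ /^open/ || lc == "community")
                status = "no-oinkcode-needed"
            else
                status = "oinkcode-set"
            print f[1] f[2], status
        }
    ' "$1"
}

# Constructed sample configuration (placeholder values, not real oinkcodes).
sample_conf() {
    cat <<'EOF'
# rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open
rule_url=https://snort.org/downloads/community/|community-rules.tar.gz|Community
rule_url=https://example.invalid/|paid-rules.tar.gz|PLACEHOLDER_OINKCODE
rule_url=https://example.invalid/|other-rules.tar.gz|<oinkcode>
ignore=deleted.rules
EOF
}

# Usage on a sensor: enabled_rulesets /etc/nsm/pulledpork/pulledpork.conf
demo() {
    tmp=$(mktemp) || return 1
    sample_conf > "$tmp"
    enabled_rulesets "$tmp"
    rm -f "$tmp"
}
demo
```

An `oinkcode-missing` line means the entry is enabled but still carries an empty or template third field, so the ruleset it points at will not download until a code is entered.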