Thursday, September 17, 2020

New version of PulledPork available on GitHub

The Snort community welcomes a new version of PulledPork on GitHub today.

Version 0.7.4 now supports Snort 3 and points to the new, correct location of the IP blocklist. PulledPork is a Perl script that allows users to download new rules as soon as new vulnerabilities or exploits are discovered.

Here are some of the other changes in this version:

  • Supports updating of Snort 3.0 signatures (0.8 will be released when Snort 3.0 moves out of BETA)
  • Fixed some of the logic to allow updating with Perl on Windows
  • Ability to modify rules via regex in modifysid.conf
  • Removal of opensource.gz processing (will speed up signature updating)
  • Updated OS Distro list to match so_rules
  • Added error checking around writing to directories that do not exist (i.e., block_list)
  • Updated for new location of block list