Subscription rules are served from this URL. If your subscription is active, you will receive the latest rules. If not, you will receive the free rule package.
https://www.snort.org/rules/<file_name>?oinkcode=<oinkcode>
<file_name> - make sure to match the rule package with your Snort version.
Example: https://www.snort.org/rules/<rulefile-name>?oinkcode=<oinkcode>
Community rules are served from this URL. No oinkcode is required because these rules are free.
https://www.snort.org/rules/community
Example: https://www.snort.org/rules/community
PulledPork is a helper script that will automatically download the latest rules for you. PulledPork will determine your version of snort
Crontab Entry
Below is an example that will run PulledPork and download the latest ruleset at 08:50 PM. It relies on pulledpork.conf for its settings.
50 20 * * * pulledpork.pl -c pulledpork.conf -i disablesid.conf -T -H
These are a few basic usage examples for setting up a crontab with PulledPork.
Config entries
Put these entries in your PulledPork config so it will be able to download the appropriate rule file.
rule_url=https://www.snort.org/rules/|snortrules-snapshot.tar.gz|<oinkcode>
To get the docs if you want them, create a second rule_url entry.
rule_url=https://www.snort.org/rules/|opensource.gz|<oinkcode>
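The crontab entry above runs unattended and reads pulledpork.conf, which stores the oinkcode in every rule_url line. The shell check below is an added example, not part of the original page or the PulledPork project; it validates that file before the cron job relies on it. The function name check_pulledpork_conf is hypothetical, and the 40-hex-character oinkcode format is an assumption.

```shell
#!/bin/sh
# Added example, not from snort.org or the PulledPork project.
# check_pulledpork_conf is a hypothetical helper name.
# Assumption: a real oinkcode is 40 hexadecimal characters.

check_pulledpork_conf() {
    conf=$1
    status=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf" >&2; return 2; }

    # The oinkcode is a credential, so only the owner should read the file.
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    case $mode in
        ?00) ;;
        *) echo "WARN: mode $mode on $conf, expected 600" >&2; status=1 ;;
    esac

    entries=$(grep '^rule_url=' "$conf") ||
        { echo "ERROR: no rule_url entries" >&2; return 1; }

    # Each entry is url|file|oinkcode, the format shown above.
    while IFS='|' read -r url file code; do
        url=${url#rule_url=}
        case $url in
            https://*) ;;
            *) echo "WARN: $file is not fetched over https" >&2; status=1 ;;
        esac
        # Never echo the code itself; report only which entry is wrong.
        if [ "$code" = "<oinkcode>" ]; then
            echo "WARN: $file still has the <oinkcode> placeholder" >&2; status=1
        elif ! printf '%s' "$code" | grep -Eq '^[0-9a-fA-F]{40}$'; then
            echo "WARN: $file has a malformed oinkcode" >&2; status=1
        fi
    done <<EOF
$entries
EOF
    return $status
}

# Demo on a constructed config that still carries the placeholder.
demo=$(mktemp)
chmod 644 "$demo"
printf 'rule_url=https://www.snort.org/rules/|snortrules-snapshot.tar.gz|%s\n' \
    "<oinkcode>" > "$demo"
check_pulledpork_conf "$demo" || echo "config needs attention"
rm -f "$demo"
```

The function returns 0 when the file is owner-only and every rule_url entry is well formed, 1 when any warning was raised, and 2 when the file cannot be read.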