weslambert edited this page Oct 3, 2017 · 6 revisions

Configuration

Rulesets are chosen during setup and are specified in /etc/nsm/pulledpork/pulledpork.conf.
If you change the the configuration in pulledpork.conf, then you will need to run rule-update (if in a server/sensor deployment, run rule-update on the master first, then the sensor, or wait for it to be replicated).

Options

Security Onion offers the following choices for rulesets to be used by Snort/Suricata:

Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.