PulledPork v0.4.1 is released! (Mon, Apr 26th)
PulledPork is the 'newest' Snort rule updater. Written by JJ Cummings (a Sourcefire guy like myself, and maintainer of https://www.openpacket.org), it is a great way to keep your Snort rules up to date. In addition to everything PulledPork does already (notably, it updates and auto-maintains Snort's SO rules), the new version has these features:
New Features/changes:
- Flowbit tracking! This means that flowbit-setting rules are no longer all enabled when a specific base ruleset (security, etc.) is specified; instead, all flowbits are now tracked, so that only the ones an enabled rule actually requires get enabled.
- Adjusted pulledpork.conf to account for the new Snort rules tarball naming and packing scheme introduced with the Snort 2.8.6 release.
- Added an option to specify all rule modification files in the master pulledpork.conf file (feature request 19).
- Added the capability to specify the base ruleset (see README.RULESETS) in the master pulledpork.conf file.
- Handle preprocessor and sensitive-information rulesets
Bug Fixes:
- Bug 18: non-rule lines containing the string sid:xxxx were being populated into the rule data structure; an extra check was added to ensure this does not occur.
- Cleaned up href pointers (syntactical purposes only).
- Modified the master config for better readability on smaller console-based systems.
- Error output was not always returning the full error message.
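To make the flowbit tracking feature and the bug-18 check concrete, here is a small added example in Python. It is not PulledPork's own code (PulledPork is written in Perl) and the ruleset, SIDs and flowbit names in it are constructed for illustration. It parses a rules file, ignores non-rule lines even when they contain "sid:", and then walks the flowbit dependencies to a fixed point: any disabled rule that sets a flowbit tested by an enabled rule is enabled, and because a newly enabled setter may itself test other bits, the pass repeats until nothing changes. Treating isnotset like isset and toggle like set is an assumption of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Set

# Constructed sample ruleset (not taken from the original post). The first
# comment line deliberately contains "sid:" but is not a rule (the bug-18
# case), and SIDs 1000001-1000005 are made-up local SIDs. Only sid 1000003
# is enabled by the hypothetical base ruleset.
SAMPLE_RULES = """\
# Constructed rules for illustration; sid:1000001 below is disabled by the base ruleset
# alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP USER seen"; content:"USER"; flowbits:set,ftp.user; flowbits:noalert; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP PASS after USER"; content:"PASS"; flowbits:isset,ftp.user; flowbits:set,ftp.auth; flowbits:noalert; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP SITE EXEC after auth"; content:"SITE EXEC"; flowbits:isset,ftp.auth; sid:1000003; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"HTTP stage one"; content:"STAGE1"; flowbits:set,http.stage1; flowbits:noalert; sid:1000004; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"HTTP stage two"; content:"STAGE2"; flowbits:isset,http.stage1; sid:1000005; rev:1;)
"""

# A rule line is an optional "#", an action, a 6-token header and an
# option block in parentheses. Anything else is not a rule, whatever it says.
RULE_RE = re.compile(
    r"^(?P<disabled>#\s*)?"
    r"(?P<action>alert|log|pass|drop|reject|sdrop|activate|dynamic)\s+"
    r"\S+\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+\s*"
    r"\((?P<options>.*)\)\s*$"
)
SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")
FLOWBITS_RE = re.compile(r"flowbits:\s*([^;]+);")


@dataclass
class Rule:
    sid: int
    enabled: bool
    sets: Set[str] = field(default_factory=set)    # bits this rule sets/toggles
    checks: Set[str] = field(default_factory=set)  # bits this rule tests (isset/isnotset)
    text: str = ""


def parse_rules(text: str) -> List[Rule]:
    """Return one Rule per real rule line; skip comments that merely mention sid:."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        m = RULE_RE.match(raw.strip())
        if m is None:
            continue  # not a rule, even if it contains "sid:" (the bug-18 check)
        sid_match = SID_RE.search(m.group("options"))
        if sid_match is None:
            continue  # a rule without a sid cannot be tracked by SID
        rule = Rule(sid=int(sid_match.group(1)), enabled=m.group("disabled") is None, text=raw)
        for fb in FLOWBITS_RE.findall(m.group("options")):
            parts = [p.strip() for p in fb.split(",")]
            op = parts[0].lower()
            # Several bit names may be joined with & or |; split them apart.
            names = set(re.split(r"[&|]", parts[1])) if len(parts) > 1 else set()
            names.discard("")
            if op in ("set", "toggle"):          # assumption: toggle counts as a setter
                rule.sets |= names
            elif op in ("isset", "isnotset"):    # assumption: isnotset also needs its setter
                rule.checks |= names
        rules.append(rule)
    return rules


def resolve_flowbits(rules: List[Rule]) -> List[int]:
    """Enable disabled setters of any bit tested by an enabled rule, to a fixed point.

    Returns the SIDs enabled by this pass, in the order they were enabled.
    """
    newly_enabled: List[int] = []
    changed = True
    while changed:
        changed = False
        required: Set[str] = set()
        for r in rules:
            if r.enabled:
                required |= r.checks
        for r in rules:
            if not r.enabled and r.sets & required:
                r.enabled = True
                newly_enabled.append(r.sid)
                changed = True  # this setter may test further bits; go round again
    return newly_enabled


def render(rules: List[Rule]) -> str:
    """Write the rules back out, commenting out the ones still disabled."""
    lines = []
    for r in rules:
        body = r.text.strip().lstrip("#").strip()
        lines.append(body if r.enabled else "# " + body)
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    print("enabled by flowbit tracking:", resolve_flowbits(parsed))
    print(render(parsed))
```

With the constructed ruleset, sid 1000003 tests ftp.auth, so 1000002 (which sets it) is enabled on the first pass; 1000002 in turn tests ftp.user, so 1000001 is enabled on the second pass. The http.stage1 pair stays disabled because nothing enabled tests that bit, which is exactly the point of tracking flowbits rather than enabling every setter.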
Be sure to download the newest update here:
http://code.google.com/p/pulledpork/
Be sure to read my other two posts to make sure you are fully up to date with everything going on.
-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.