Suricata & paid Snort subscription rules
-
Hi community, I'm after some advice on how I would check my config is downloading the paid Snort subscription rules vs the free registered rules.
I have entered my Oinkmaster code & the file name, but the filename stays the same between registered & subscription.
-
There is no difference in the filenames. What is different is the content within the files. Paid subscriptions get new rules immediately upon them being created. Free users get new rules only after they have been in the paid file for 30 days. The Snort servers know which file to send you based on your Oinkcode. It is part of the URL submitted by the rules update process from the Snort and Suricata packages. So your Oinkcode is embedded into the URL used by the rules update process, and the Snort VRT servers decode it and then, based on your status (paid or free), send down the correct version of the rules file. But both versions have the same name – just potentially different content.
Bill
-
That makes sense, thanks for the reply.
-
At the risk of reviving an old thread…
You can compare the md5 checksum in your snort updates page against the md5 checksums on the download page at snort.org.
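
The comparison suggested in the last post, as an added example (not code from the thread or from the Snort or Suricata packages): it hashes a locally downloaded rules tarball and reports which of the two published MD5 values it matches. The function names are hypothetical, the tarball path is an argument because the thread does not say where the package stores the file, and it assumes you copy the subscriber and registered checksums by hand from the snort.org download page.

```python
import hashlib
import re
import sys

# A standalone run of exactly 32 hex digits (ignores labels and file names).
_MD5_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")


def file_md5(path, chunk_size=1 << 20):
    """Stream the file so a large rules tarball is not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_md5(text):
    """Pull the hash out of a pasted value such as 'HASH  filename' or 'MD5: HASH'."""
    match = _MD5_RE.search(text)
    if match is None:
        raise ValueError("no 32-digit hex MD5 found in %r" % text)
    return match.group(0).lower()


def classify_rules_file(path, subscriber_md5, registered_md5):
    """Return 'subscriber', 'registered', 'indeterminate' or 'no match'."""
    local = file_md5(path)
    sub = parse_md5(subscriber_md5)
    reg = parse_md5(registered_md5)
    if sub == reg:
        # Identical published hashes cannot tell the two tiers apart.
        return "indeterminate" if local == sub else "no match"
    if local == sub:
        return "subscriber"
    if local == reg:
        return "registered"
    # Neither matched: stale download, wrong snapshot version, or a bad copy.
    return "no match"


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: check_rules.py RULES_TARBALL SUBSCRIBER_MD5 REGISTERED_MD5")
    print(classify_rules_file(sys.argv[1], sys.argv[2], sys.argv[3]))
```

A result of "no match" usually means the local file and the checksums on the page belong to different snapshots, so refresh both before drawing a conclusion.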