Tuesday, May 30, 2006

Q: How do I set up the DC to automatically get the Sourcefire VRT rules updates? Bleeding snort?

A:
I don't know the sure answer to this yet. Operations//Update seems to deal with only patching the system, not rules updates. Policy & Response//Intrusion Sensor//Rules has an "import rules" link. This leads to a screen where you can either bring in any text file containing rules, or "Download new SEU" from the support site. I bought a VRT subscription, so perhaps when I download SEU I am automatically getting the latest ruleset. There's no practical way to tell from the console. There are some options under Operations//Tools//Scheduling which say "download latest SEU" and "install latest SEU", but it's unclear how this works and how the workflow needs to progress (after install latest, do you need to then apply policy?). I'm going to RTFM before asking for support.
