https://community.cisco.com/t5/network-security/firesight-detection-engine/m-p/2997861#M1019270 <P>Hi,</P> <P></P> <P>I have a case that a potential positive&nbsp;injection using API related coding&nbsp;was passing through our IPS, and no&nbsp;intrusion event was seen on Intrusion event. I check the documentation and found out that snort combines signature, protocol and anomaly for inspection methods.</P> <P></P> <P>what would be the possible reason that it happened? was the&nbsp;attempt not matching any Snort rules for injection or 3 of the methods it use?&nbsp;</P> <P></P> <P>any insight would be very helpful, Thanks!</P> <P></P> <P></P> Tue, 12 Mar 2019 13:07:27 GMT filterfilter 2019-03-12T13:07:27Z https://community.cisco.com/t5/network-security/firesight-detection-engine/m-p/2997861#M1019270 <P>Hi,</P> <P></P> <P>I have a case that a potential positive&nbsp;injection using API related coding&nbsp;was passing through our IPS, and no&nbsp;intrusion event was seen on Intrusion event. I check the documentation and found out that snort combines signature, protocol and anomaly for inspection methods.</P> <P></P> <P>what would be the possible reason that it happened? was the&nbsp;attempt not matching any Snort rules for injection or 3 of the methods it use?&nbsp;</P> <P></P> <P>any insight would be very helpful, Thanks!</P> <P></P> <P></P> Tue, 12 Mar 2019 13:07:27 GMT https://community.cisco.com/t5/network-security/firesight-detection-engine/m-p/2997861#M1019270 filterfilter 2019-03-12T13:07:27Z https://community.cisco.com/t5/network-security/firesight-detection-engine/m-p/2997862#M1019271 <P>I would have guessed that it passed because no rules specifically looking for your applications API exist.</P> <P></P> <P>You could write one of your own?</P> Mon, 12 Sep 2016 15:17:33 GMT https://community.cisco.com/t5/network-security/firesight-detection-engine/m-p/2997862#M1019271 chris.proudlock 2016-09-12T15:17:33Z https://community.cisco.com/t5/network-security/firesight-detection-engine/m-p/2997863#M1019272 <P>Hello ,</P> <P>Its advisable that customers can create custom snort detection rules.</P> <P>Here are some helpful links.</P> <P>http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node27.html</P> <P>Rate and mark correct the helpful posts</P> <P></P> <P>Regards</P> <P>Jetsy&nbsp;</P> <P></P> Tue, 13 Sep 2016 13:19:05 GMT https://community.cisco.com/t5/network-security/firesight-detection-engine/m-p/2997863#M1019272 Jetsy Mathew 2016-09-13T13:19:05Z