https://community.cisco.com/t5/network-security/ips-signature-layer-reports/m-p/3782858#M32303 <P>Hello!</P> <P>I'm using Sourcefire IPS and I'm reviewing the signature alerts... I scheduled a report that show me which specific snort signature triggered in a specific time frame, something like:</P> <P>&nbsp;</P> <P>SIGNATURE NAME , NUMBER OF EVENTS, SEVERITY&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>Because we use different layers in the intrusion policy will be very useful to add to the report the layer in which the signature are.<BR />(The reason of this is that a specific layer is including the latest snort rules, while the others older ones, so I would like to filter the events based on the layer to investigate only the new ones and not previous events.)</P> <P>&nbsp;</P> <P>The output should be a report in csv like:</P> <P>SIGNATURE NAME , NUMBER OF EVENTS, SEVERITY&nbsp; , ( Layer )</P> <P>&nbsp;</P> <P>Do you know how to export this? What is the best way to review these events? Any experience?</P> <P>&nbsp;</P> <P>Many thanks! Ric</P> Fri, 21 Feb 2020 16:40:39 GMT rick11 2020-02-21T16:40:39Z https://community.cisco.com/t5/network-security/ips-signature-layer-reports/m-p/3782858#M32303 <P>Hello!</P> <P>I'm using Sourcefire IPS and I'm reviewing the signature alerts... I scheduled a report that show me which specific snort signature triggered in a specific time frame, something like:</P> <P>&nbsp;</P> <P>SIGNATURE NAME , NUMBER OF EVENTS, SEVERITY&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>Because we use different layers in the intrusion policy will be very useful to add to the report the layer in which the signature are.<BR />(The reason of this is that a specific layer is including the latest snort rules, while the others older ones, so I would like to filter the events based on the layer to investigate only the new ones and not previous events.)</P> <P>&nbsp;</P> <P>The output should be a report in csv like:</P> <P>SIGNATURE NAME , NUMBER OF EVENTS, SEVERITY&nbsp; , ( Layer )</P> <P>&nbsp;</P> <P>Do you know how to export this? What is the best way to review these events? Any experience?</P> <P>&nbsp;</P> <P>Many thanks! Ric</P> Fri, 21 Feb 2020 16:40:39 GMT https://community.cisco.com/t5/network-security/ips-signature-layer-reports/m-p/3782858#M32303 rick11 2020-02-21T16:40:39Z https://community.cisco.com/t5/network-security/ips-signature-layer-reports/m-p/3784146#M32313 <P>From my experience source fire is excellent IPS/IDS however, when it come to reporting its not as good.</P> Mon, 21 Jan 2019 10:39:06 GMT https://community.cisco.com/t5/network-security/ips-signature-layer-reports/m-p/3784146#M32313 Sheraz.Salim 2019-01-21T10:39:06Z https://community.cisco.com/t5/network-security/ips-signature-layer-reports/m-p/3900293#M32321 <P>Hello,</P><P>any advice on the topic?</P> Tue, 30 Jul 2019 19:35:38 GMT https://community.cisco.com/t5/network-security/ips-signature-layer-reports/m-p/3900293#M32321 rick11 2019-07-30T19:35:38Z