topic Re: IPS signature update export in Network Security

IPS signature update export

rick11 — Fri, 21 Feb 2020 15:07:38 GMT

Hello,

I have this problem, every few month the IPS sourcefire signature got updated , let's say that the update might contain up to 5000 signatures (average)

From where can I download the database/signature list in advance to decide which signature to enable/disable?

The goal is to analyze the rule before enabling them , at the moment I enable all and then disable but it's generating a lot of false positives

Any idea or experience?

Re: IPS signature update export

Dennis Mink — Wed, 17 Jan 2018 11:07:51 GMT

do you mean you are after a list of signatures and their CVE's and then based on that decide what to enable and what not?

if so, the reports section contains such a list

Re: IPS signature update export

Dennis Mink — Wed, 17 Jan 2018 11:10:56 GMT

do you mean you are after a list of signatures and their CVE's and then based on that decide what to enable and what not? if so, the reports section contains such a list

Re: IPS signature update export

rick11 — Wed, 17 Jan 2018 11:38:08 GMT

I don't see a list in report section, maybe do we need to add a template?