https://community.cisco.com/t5/network-security/real-time-threat-detection/m-p/453138#M99274 <HTML><HEAD></HEAD><BODY><P>hi, that was a cool link.</P><P></P><P>But it didnt show any information on attack progress, stages of attack and alert pattern that normal Cisco IDS will generate for the same.</P><P></P><P>I am looking for deep analytical information, which will show me how to correlate alerts manually. I am using netForensics, I want to make rules in it for IDS and PIX using my understanding to find attack at its point of progress.</P><P></P><P></P><P>regards</P><P>Kapish</P></BODY></HTML> Sat, 11 Jun 2005 01:20:00 GMT kapishmohole.cisco 2005-06-11T01:20:00Z https://community.cisco.com/t5/network-security/real-time-threat-detection/m-p/453136#M99270 <P> </P><P>Hello, </P><P></P><P>To make real time detection more effective, </P><P></P><P>how to find the Cisco device alert pattern for real time detection of attack? </P><P></P><P>For example, SQL slammer worm, Cisco IDS will fire its related/specific signature. For any Trojan activity IDS will fire specific signature. </P><P></P><P>But how to find a signature patter, or packet pattern for session hijack, ip spoofing and other IP based attacks? (not related to applications) </P><P></P><P>Is there any knowledge source, which can show traffic/packet pattern generated by IP based attacks/protocol behavior in attack? What kind of alerts for what kind of attack, sequence of alerts, etc. </P><P></P><P>I am using netForensics for real time threat detection; I want to make some rules which will match the IP behavior/IDS signature generation pattern in progressing attack. </P><P></P><P>I am looking for such kind of knowledge base, if any one have experience in this please help me out. </P><P></P><P>Regards </P><P>Kapish </P><P></P> Sun, 10 Mar 2019 09:29:35 GMT https://community.cisco.com/t5/network-security/real-time-threat-detection/m-p/453136#M99270 kapishmohole.cisco 2019-03-10T09:29:35Z https://community.cisco.com/t5/network-security/real-time-threat-detection/m-p/453137#M99272 <HTML><HEAD></HEAD><BODY><P>Kapish,</P><P></P><P>Take a look at cs-mars. <A class="jive-link-custom" href="http://www.cisco.com/go/mars." target="_blank">www.cisco.com/go/mars.</A> This is an awesome reporting, analysis and mitigation system. I've been involved in Cisco security product for nine years and this is the most comprehensive security reporting and analysis system I've seen</P></BODY></HTML> Fri, 10 Jun 2005 17:36:22 GMT https://community.cisco.com/t5/network-security/real-time-threat-detection/m-p/453137#M99272 gabelar 2005-06-10T17:36:22Z https://community.cisco.com/t5/network-security/real-time-threat-detection/m-p/453138#M99274 <HTML><HEAD></HEAD><BODY><P>hi, that was a cool link.</P><P></P><P>But it didnt show any information on attack progress, stages of attack and alert pattern that normal Cisco IDS will generate for the same.</P><P></P><P>I am looking for deep analytical information, which will show me how to correlate alerts manually. I am using netForensics, I want to make rules in it for IDS and PIX using my understanding to find attack at its point of progress.</P><P></P><P></P><P>regards</P><P>Kapish</P></BODY></HTML> Sat, 11 Jun 2005 01:20:00 GMT https://community.cisco.com/t5/network-security/real-time-threat-detection/m-p/453138#M99274 kapishmohole.cisco 2005-06-11T01:20:00Z https://community.cisco.com/t5/network-security/real-time-threat-detection/m-p/3762529#M99276 <P><SPAN><A href="https://www.nwexam.com/cisco/cisco-600-199-certification-exam-syllabus" target="_blank"><STRONG>Threat protection</STRONG></A> is comprised of the Sourcefire® SNORT® intrusion detection engine and AMP anti-malware technology.</SPAN></P> Thu, 27 Dec 2018 04:29:36 GMT https://community.cisco.com/t5/network-security/real-time-threat-detection/m-p/3762529#M99276 nikki_carol 2018-12-27T04:29:36Z