Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
609
Views
0
Helpful
1
Replies

Creating signatures in CSM

jhall0007
Level 1
Level 1

‎03-17-2015 04:11 AM - edited ‎03-10-2019 06:20 AM

All,

 

I am trying teach myself how to write simple signatures and was wondering if anyone could give me some advice. Specifically, I am trying to create a signature that will hit on any DNS queries asking for anything other than a few dot extensions (i.e. anything other than .edu, gov, etc). I am looking at different regular expressions but struggling finding the correct logic of multiple negations. Has anyone tried to do something similar, any advice?

 

Thanks,

Labels:
0 Helpful
1 Reply 1

androdri
Level 1
Level 1

‎03-22-2015 07:41 AM

Hello,

 

There is a guide that might be of some help to you for writing custom signatures it can be found at:

http://www.cisco.com/web/about/security/intelligence/ips_custom_sigs.html

 

If you continue to have questions you can email ipssig-customer-request to get some guidance on writing your custom signature.  Include a complete description of what you are trying to fire on and not fire on,  a good traffic sample.   Please note the signature you are trying to write will probably fire a lot and may cause performance degradations or may false positive. 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card