Re: Effective way to test IDS

ryan14 · ‎01-14-2020

Is there any safe way to test Firepower's IDS policy on a machine to see if the IDS policy is working? I know of the EICAR test for detecting malicious files, but is there an equivalent site we can go to for IDS testing?

Abheesh Kumar · ‎01-14-2020

Hi,

Try some penetration testing tools like Metasploit.

Hope This Helps

Abheesh

ryan14 · ‎01-14-2020

Does this tool allow you to test an end-user PC to see if it is protected from ransomware or other vulnerabilities?

nspasov · ‎01-14-2020

I have personally used Qualys in the past. They have a personal/community edition that is free of charge that does not include all features and can scan a limited number of IPs. However, if you end up liking it, you can get the paid version:

https://www.qualys.com/community-edition/

I hope this helps!

Thank you for rating helpful posts!

ryan14 · ‎01-14-2020

Is it safe to say that Firepower can protect against most common ransomware assuming it matches the appropriate rule with DPI/Intrusion policy enabled or is that more of a function of the security intelligence?

johnlloyd_13 · ‎01-15-2020

hi,

you can test the FP intrusion policy/rule by performing a penetration test.

i tried kali linux 'armitage' to trigger them.

see helpful link:

http://wannabecybersecurity.blogspot.com/2019/08/configuring-cisco-fmc-intrusion-policy.html