Firesight detection engine

filterfilter
Level 1

Hi,

I have a case where a potential positive injection using API-related coding passed through our IPS, and no intrusion event was seen under Intrusion Events. I checked the documentation and found out that Snort combines signature, protocol and anomaly inspection methods.

What would be the possible reason that this happened? Was the attempt not matching any Snort rules for injection, or the 3 methods it uses?

Any insight would be very helpful. Thanks!

2 Replies

chris.proudlock
Level 1

I would have guessed that it passed because no rules specifically looking for your application's API exist.

You could write one of your own?

Jetsy Mathew
Cisco Employee

Hello,

It's advisable that customers can create custom Snort detection rules.

Here are some helpful links.

http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node27.html

Rate and mark correct the helpful posts

Regards

Jetsy 
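
The custom rule both replies suggest could look like the following. This is an added example, not part of either reply or of Cisco's rule set; the endpoint `/api/v1/orders`, the SQL-keyword pattern, and the SID are assumptions made for illustration, since the thread does not describe the application or the injection type.

```snort
# Constructed example for a hypothetical JSON API at /api/v1/orders.
# Assumption: the injection attempt carries SQL keywords in the POST body.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS ( \
    msg:"LOCAL possible SQL injection in /api/v1/orders body"; \
    flow:to_server,established; \
    content:"POST"; http_method; \
    content:"/api/v1/orders"; http_uri; nocase; fast_pattern; \
    pcre:"/\bunion\b.{0,40}\bselect\b/Pis"; \
    classtype:web-application-attack; \
    sid:1000001; rev:1;)
```

Local rules take SIDs of 1000000 and above. A rule like this can only match if the traffic reaches the sensor unencrypted (or is decrypted first) and the HTTP preprocessor is inspecting the port the API listens on.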
