Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
647
Views
0
Helpful
2
Replies

FTD Snort3 questions

Go to solution
m1xed0s
Spotlight
Spotlight

‎11-15-2022 12:49 PM

I am just trying to plan for upgrading FMC/FTD to Snort3. Several features included in the Snort2 I can not find anymore under the Snort3 configuration pages. Just want to check here in case I missed certain options:

1. There is no "Global Rule Threadsholding" anymore in Snort3, right? If so, thats fine for me. It was a good and bad feature at the same time.

2. Is "Sensitive Data Detection", aka the poor man's DLP, still available in Snort3? I can not find it with my FMC v7.2 test VM. Wondering if it is removed as well in Snort3?

3. Does Snort3 still provides the "Dynamic Intrustion Rule states" for the Rate-based rule? Can not find it either within Snort3 configuration pages...

Thanks!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Divya Jain
Cisco Employee
Cisco Employee

‎11-28-2022 06:36 PM

Hello,

1. Global Rule Threadsholding is a feature not supported by Snort3. For Snort 3 Threshold and suppression refer to this video to understand the process - https://www.youtube.com/watch?v=pharzZB1bYY 

 

2. 
Limitations for 7.0 Release
These features are available in Snort 2 but are not supported with Snort 3 for Firepower 7.0:
*       Snort 3 Policy Comparison
*       Custom Intrusion Rule editor
*       Firepower Recommendations
*       SNMP support
*       Sensitive Data Protection
*       Rule Dynamic state
These features may be supported in later releases

I could not find any confirmation of supporting it in the latest version 7.2.

 

You can apply custom sensitive data rules, but there is no longer sensitive data masking


3. Rule dynamic state is no longer available on Snort3 and Rate based rules are available in custom Network Analysis policy

On this link you can find more detailed information about Snort3
https://secure.cisco.com/secure-firewall/docs/snort-3-adoption 



-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Cisco Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------




Reagrds
Divya Jain

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Divya Jain
Cisco Employee
Cisco Employee

‎11-28-2022 06:36 PM

Hello,

1. Global Rule Threadsholding is a feature not supported by Snort3. For Snort 3 Threshold and suppression refer to this video to understand the process - https://www.youtube.com/watch?v=pharzZB1bYY 

 

2. 
Limitations for 7.0 Release
These features are available in Snort 2 but are not supported with Snort 3 for Firepower 7.0:
*       Snort 3 Policy Comparison
*       Custom Intrusion Rule editor
*       Firepower Recommendations
*       SNMP support
*       Sensitive Data Protection
*       Rule Dynamic state
These features may be supported in later releases

I could not find any confirmation of supporting it in the latest version 7.2.

 

You can apply custom sensitive data rules, but there is no longer sensitive data masking


3. Rule dynamic state is no longer available on Snort3 and Rate based rules are available in custom Network Analysis policy

On this link you can find more detailed information about Snort3
https://secure.cisco.com/secure-firewall/docs/snort-3-adoption 



-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Cisco Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------




Reagrds
Divya Jain

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Divya Jain

‎11-28-2022 07:21 PM - edited ‎11-28-2022 07:21 PM

Snort 3 "Firepower recommendations" are available in Release 7.2.

Reference:

https://secure.cisco.com/secure-firewall/v7.2/docs/snort-3-adoption#feature-comparison

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card