cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
330
Views
0
Helpful
2
Replies

FTD Snort3 questions

m1xed0s
Contributor
Contributor

I am just trying to plan for upgrading FMC/FTD to Snort3. Several features included in the Snort2 I can not find anymore under the Snort3 configuration pages. Just want to check here in case I missed certain options:

1. There is no "Global Rule Threadsholding" anymore in Snort3, right? If so, thats fine for me. It was a good and bad feature at the same time.

2. Is "Sensitive Data Detection", aka the poor man's DLP, still available in Snort3? I can not find it with my FMC v7.2 test VM. Wondering if it is removed as well in Snort3?

3. Does Snort3 still provides the "Dynamic Intrustion Rule states" for the Rate-based rule? Can not find it either within Snort3 configuration pages...

Thanks!

1 Accepted Solution

Accepted Solutions

Divya Jain
Cisco Employee
Cisco Employee

Hello,

1. Global Rule Threadsholding is a feature not supported by Snort3. For Snort 3 Threshold and suppression refer to this video to understand the process - https://www.youtube.com/watch?v=pharzZB1bYY 

 

2. 
Limitations for 7.0 Release
These features are available in Snort 2 but are not supported with Snort 3 for Firepower 7.0:
*       Snort 3 Policy Comparison
*       Custom Intrusion Rule editor
*       Firepower Recommendations
*       SNMP support
*       Sensitive Data Protection
*       Rule Dynamic state
These features may be supported in later releases

I could not find any confirmation of supporting it in the latest version 7.2.

 

You can apply custom sensitive data rules, but there is no longer sensitive data masking


3. Rule dynamic state is no longer available on Snort3 and Rate based rules are available in custom Network Analysis policy

On this link you can find more detailed information about Snort3
https://secure.cisco.com/secure-firewall/docs/snort-3-adoption 



-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Cisco Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------




Reagrds
Divya Jain

View solution in original post

2 Replies 2

Divya Jain
Cisco Employee
Cisco Employee

Hello,

1. Global Rule Threadsholding is a feature not supported by Snort3. For Snort 3 Threshold and suppression refer to this video to understand the process - https://www.youtube.com/watch?v=pharzZB1bYY 

 

2. 
Limitations for 7.0 Release
These features are available in Snort 2 but are not supported with Snort 3 for Firepower 7.0:
*       Snort 3 Policy Comparison
*       Custom Intrusion Rule editor
*       Firepower Recommendations
*       SNMP support
*       Sensitive Data Protection
*       Rule Dynamic state
These features may be supported in later releases

I could not find any confirmation of supporting it in the latest version 7.2.

 

You can apply custom sensitive data rules, but there is no longer sensitive data masking


3. Rule dynamic state is no longer available on Snort3 and Rate based rules are available in custom Network Analysis policy

On this link you can find more detailed information about Snort3
https://secure.cisco.com/secure-firewall/docs/snort-3-adoption 



-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Cisco Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------




Reagrds
Divya Jain

Snort 3 "Firepower recommendations" are available in Release 7.2.

Reference:

https://secure.cisco.com/secure-firewall/v7.2/docs/snort-3-adoption#feature-comparison

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers