09-18-2020 12:06 AM
HI All,
How do I keep current intrusion policy configuration when I update snort rules?
Could someone help me?
Best Regards,
Nicholas
09-18-2020 08:35 AM
I am not sure if i understood the question, if you upgrading SNORT (database ?) or rules ?
snort database nothing going to change, in related to rule require more clarity from you.
06-27-2021 06:36 AM
I mean that if i create a customize intrusion policy that base policy is balance security and connective policy,
I want only block some worm attack rules In my customize intrusion policy, the other is use cisco default value.
And when snort update every time , it would change my customize intrusion policy rules that only block some worm attack rules.
I want to keep my customize intrusion policy is all the same no matter what snort updates, it could change my customize intrusion policy.
Could it do that?
Nicholas
06-27-2021 06:33 PM
Your customization is a layer that overlays the base IPS SIDs (Snort IDs which uniquely identify Snort rules) to change their default behavior. Snort Rule updates don't change your overlay.
You cannot export your Intrusion policy as a csv; but you can export it in SFO format which FMC understands. There is a export button next to the edit button on the right side of the screen when viewing the list of IPS policies.
06-29-2021 06:41 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide