Re: How do I keep current intrusion policy configuration when I update snort rules?

nicholas183183 · ‎09-18-2020

HI All,

How do I keep current intrusion policy configuration when I update snort rules?

Could someone help me?

Best Regards,

Nicholas

balaji.bandi · ‎09-18-2020

I am not sure if i understood the question, if you upgrading SNORT (database ?) or rules ?

snort database nothing going to change, in related to rule require more clarity from you.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

nicholas183183 · ‎06-27-2021

I mean that if i create a customize intrusion policy that base policy is balance security and connective policy,

I want only block some worm attack rules In my customize intrusion policy, the other is use cisco default value.

And when snort update every time , it would change my customize intrusion policy rules that only block some worm attack rules.

I want to keep my customize intrusion policy is all the same no matter what snort updates, it could change my customize intrusion policy.

Could it do that?

Nicholas

Marvin Rhoads · ‎06-27-2021

Your customization is a layer that overlays the base IPS SIDs (Snort IDs which uniquely identify Snort rules) to change their default behavior. Snort Rule updates don't change your overlay.

You cannot export your Intrusion policy as a csv; but you can export it in SFO format which FMC understands. There is a export button next to the edit button on the right side of the screen when viewing the list of IPS policies.

nicholas183183 · ‎06-29-2021

Does it have any idea to get it to output?

Nicholas