How to verify which snort rules are included in the latest SRU update?

Chess Norris
Level 4

Hello,
What is the easiest way to find out which snort rules are included in the latest SRU update? I couldn’t find any information on that in the SRU download section at Cisco.


The latest SRU available from Cisco is Cisco Secure Rule Update 2022-10-31-001 and I am trying to figure out if the snort rules for the latest OpenSSL vulnerability (CVE-2022-3602 and CVE-2022-3786) are included there.


According to Talos, they released the following rules to address those vulnerabilities: 60790, 300306, 300307
If I search for CVE-2022-3602 in my IPS policy, I can find snort rules 300306 and 300307, but nothing when searching for CVE-2022-3786.

Thanks

/Chess

 

 

 

Accepted Solutions

Marvin Rhoads
Hall of Fame

@Chess Norris the latest FMC LSP update as of this posting (2022-11-02) has the CVE. See screenshot below.

It looks like rule SID 60790 will be enabled in the next update. See https://snort.org/advisories/talos-rules-2022-11-03

[Screenshot: FMC IPS with 2022-11-02 Snort Update]

Thanks Marvin!

/Chess
