I'm using Sourcefire IPS and I'm reviewing the signature alerts... I scheduled a report that shows me which specific Snort signatures triggered in a specific time frame, something like:
SIGNATURE NAME , NUMBER OF EVENTS, SEVERITY
Because we use different layers in the intrusion policy, it would be very useful to add to the report the layer in which each signature is. (The reason for this is that a specific layer includes the latest Snort rules, while the others include older ones, so I would like to filter the events based on the layer to investigate only the new ones and not previous events.)
The output should be a report in CSV like:
SIGNATURE NAME , NUMBER OF EVENTS, SEVERITY , ( Layer )
Do you know how to export this? What is the best way to review these events? Any experience?