Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2729
Views
0
Helpful
2
Replies

IPS signature layer reports ?

rick11
Level 1
Level 1

‎01-18-2019 03:01 AM - edited ‎02-21-2020 08:40 AM

Hello!

I'm using Sourcefire IPS and I'm reviewing the signature alerts... I scheduled a report that show me which specific snort signature triggered in a specific time frame, something like:

 

SIGNATURE NAME , NUMBER OF EVENTS, SEVERITY  

 

Because we use different layers in the intrusion policy will be very useful to add to the report the layer in which the signature are.
(The reason of this is that a specific layer is including the latest snort rules, while the others older ones, so I would like to filter the events based on the layer to investigate only the new ones and not previous events.)

 

The output should be a report in csv like:

SIGNATURE NAME , NUMBER OF EVENTS, SEVERITY  , ( Layer )

 

Do you know how to export this? What is the best way to review these events? Any experience?

 

Many thanks! Ric

Labels:
0 Helpful
2 Replies 2

Sheraz.Salim
VIP
VIP

‎01-21-2019 02:39 AM

From my experience source fire is excellent IPS/IDS however, when it come to reporting its not as good.

please do not forget to rate.
0 Helpful

rick11
Level 1
Level 1
In response to Sheraz.Salim

‎07-30-2019 12:35 PM

Hello,

any advice on the topic?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card