New Snort 3 IPS policy update and best practice vs. Snort 2

MS-JK
Level 1

Recently migrated from Snort 2 to Snort 3 and looking for best practice to maintain and review the IPS policy. For example, in the new Snort 3 policy I no longer have the POLICY LAYER where I would go to view any NEW or MODIFIED rules from the previous update. How does one maintain Snort 3 rules now? Looking for a simple, quick how-to (not an entire book): what you do on a weekly basis to maintain and validate new updated policies and changes.

Thanks!

1 Reply

manabans
Cisco Employee

A Snort 3 intrusion rule update is called an LSP (Lightweight Security Package) rather than an SRU. The system still uses SRUs for Snort 2; downloads from Cisco contain both the latest LSP and SRU. The system automatically uses the appropriate rule set for your configurations.
You can check and update the LSP on System > Updates > Rule Updates.

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/system_software_updates.html#ID-2259-00000356 
