Real time threat detection

Hello,

To make real time detection more effective,

how do I find the Cisco device alert pattern for real-time detection of an attack?

For example, SQL slammer worm, Cisco IDS will fire its related/specific signature. For any Trojan activity IDS will fire specific signature.

But how do I find a signature pattern, or packet pattern, for session hijack, IP spoofing and other IP based attacks? (not related to applications)

Is there any knowledge source, which can show traffic/packet pattern generated by IP based attacks/protocol behavior in attack? What kind of alerts for what kind of attack, sequence of alerts, etc.

I am using netForensics for real time threat detection; I want to make some rules which will match the IP behavior/IDS signature generation pattern in progressing attack.

I am looking for such a kind of knowledge base; if anyone has experience in this, please help me out.

Regards

Kapish

3 Replies

gabelar
Level 1

Kapish,

Take a look at cs-mars. www.cisco.com/go/mars. This is an awesome reporting, analysis and mitigation system. I've been involved in Cisco security products for nine years and this is the most comprehensive security reporting and analysis system I've seen.

hi, that was a cool link.

But it didn't show any information on attack progress, stages of attack and the alert pattern that a normal Cisco IDS will generate for the same.

I am looking for deep analytical information, which will show me how to correlate alerts manually. I am using netForensics, I want to make rules in it for IDS and PIX using my understanding to find attack at its point of progress.

regards

Kapish
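One way to turn the "sequence of alerts" idea from the question into a correlation rule, as an added example that is not from this thread, from netForensics or from Cisco IDS: it tracks each source/destination pair through an ordered recon, exploit, post-exploit progression and escalates only when the stages follow each other within a time window. The alert line format, stage labels and signature names are constructed assumptions, not real Cisco signatures.

```python
import re
from datetime import datetime, timedelta

# Constructed alert lines (not real IDS output): two source hosts hitting one server.
# The second host triggers recon and post-exploit signatures hours apart with no
# exploit stage in between, so it should NOT be escalated.
SAMPLE_ALERTS = """\
2004-03-01T10:00:05 sig=RECON_PORTSWEEP stage=recon src=10.1.1.9 dst=192.0.2.10
2004-03-01T10:02:40 sig=TCP_SEQ_PREDICT stage=exploit src=10.1.1.9 dst=192.0.2.10
2004-03-01T10:03:10 sig=IP_SPOOF_LAND stage=exploit src=10.1.1.9 dst=192.0.2.10
2004-03-01T10:04:00 sig=OUTBOUND_SHELL stage=postexploit src=10.1.1.9 dst=192.0.2.10
2004-03-01T11:30:00 sig=RECON_PORTSWEEP stage=recon src=10.1.1.20 dst=192.0.2.10
2004-03-01T15:30:00 sig=OUTBOUND_SHELL stage=postexploit src=10.1.1.20 dst=192.0.2.10
"""

STAGES = ["recon", "exploit", "postexploit"]  # assumed attack progression, in order
WINDOW = timedelta(minutes=30)                 # max gap between consecutive stages
LINE_RE = re.compile(r"(?P<ts>\S+) sig=(?P<sig>\S+) stage=(?P<stage>\S+) "
                     r"src=(?P<src>\S+) dst=(?P<dst>\S+)")

def parse_alerts(text):
    """Parse the constructed alert format into dicts; lines that don't match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            a = m.groupdict()
            a["ts"] = datetime.fromisoformat(a["ts"])
            alerts.append(a)
    return alerts

def correlate(alerts, window=WINDOW):
    """Return incidents for (src, dst) pairs whose alerts walk STAGES in order.
    A chain opens on a recon alert and advances only when the next alert is the
    same or the next stage and arrives within `window` of the previous one."""
    chains, incidents = {}, []
    for a in sorted(alerts, key=lambda x: x["ts"]):
        key, idx = (a["src"], a["dst"]), STAGES.index(a["stage"])
        c = chains.get(key)
        if c and a["ts"] - c["last"] <= window and idx in (c["idx"], c["idx"] + 1):
            c.update(idx=idx, last=a["ts"])
            c["sigs"].append(a["sig"])
        elif idx == 0:
            c = chains[key] = {"idx": 0, "start": a["ts"], "last": a["ts"], "sigs": [a["sig"]]}
        else:
            continue  # out-of-order or stale alert: not part of a tracked chain
        if c["idx"] == len(STAGES) - 1:  # final stage reached: escalate and close the chain
            incidents.append({"src": key[0], "dst": key[1], "sigs": list(c["sigs"]),
                              "start": c["start"], "end": c["last"]})
            del chains[key]
    return incidents

if __name__ == "__main__":
    for inc in correlate(parse_alerts(SAMPLE_ALERTS)):
        print(f"{inc['src']} -> {inc['dst']}: {' > '.join(inc['sigs'])} ({inc['start']} .. {inc['end']})")
```

The stage order and window are the tunable parts of the rule; a stage that repeats (two different exploit signatures in a row) stays in the chain, while a chain that skips a stage or goes quiet for longer than the window is dropped rather than escalated.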

nikki_carol
Level 1

Threat protection is comprised of the Sourcefire® SNORT® intrusion detection engine and AMP anti-malware technology.
