06-10-2005 06:33 AM - edited 03-10-2019 01:29 AM
Hello,
To make real-time detection more effective, how can I find the Cisco device alert pattern for real-time detection of an attack?
For example, for the SQL Slammer worm, Cisco IDS will fire its related/specific signature. For any Trojan activity, IDS will fire a specific signature.
But how do I find a signature pattern, or packet pattern, for session hijacking, IP spoofing and other IP-based attacks (not related to applications)?
Is there any knowledge source which shows the traffic/packet pattern generated by IP-based attacks, or protocol behaviour during an attack? What kind of alerts for what kind of attack, sequence of alerts, etc.
I am using netForensics for real-time threat detection; I want to make some rules which will match the IP behaviour/IDS signature generation pattern in a progressing attack.
I am looking for this kind of knowledge base; if anyone has experience in this, please help me out.
Regards
Kapish
06-10-2005 10:36 AM
Kapish,
Take a look at CS-MARS: www.cisco.com/go/mars. This is an awesome reporting, analysis and mitigation system. I've been involved in Cisco security products for nine years and this is the most comprehensive security reporting and analysis system I've seen.
06-10-2005 06:20 PM
Hi, that was a cool link.
But it didn't show any information on attack progress, stages of attack and the alert pattern that a normal Cisco IDS will generate for the same.
I am looking for deep analytical information which will show me how to correlate alerts manually. I am using netForensics; I want to make rules in it for IDS and PIX, using my understanding, to find an attack at its point of progress.
regards
Kapish
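The manual correlation the poster is asking about (turning a sequence of firewall denies and IDS alerts from one source into "stages" of a progressing attack, plus a couple of IP-level spoofing checks) can be sketched as a small stateful rule engine. The example below is added here; it is not from the thread, from netForensics or from any Cisco product. The log line formats are a constructed, simplified key=value shape that only mimics a PIX 106023 deny / 302013 "built" message and a generic IDS alert export, the signature names, thresholds, windows and the 192.168.1.0/24 "inside" range are all assumptions, and the sample lines are constructed, not captured from a device.

```python
"""Added example (not from the thread or any Cisco product): correlate
constructed PIX and IDS log lines per source address into attack stages."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. The PIX lines only mimic the shape of a 106023 deny
# and a 302013 "built" message; the IDS lines are a hypothetical simplified
# export carrying a signature name. None of this is verbatim device output.
SAMPLE_LOG = """\
2005-06-10T09:00:01 PIX deny tcp ifc=outside src=10.9.9.9 dst=192.168.1.20 dport=21
2005-06-10T09:00:02 PIX deny tcp ifc=outside src=10.9.9.9 dst=192.168.1.20 dport=23
2005-06-10T09:00:03 PIX deny tcp ifc=outside src=10.9.9.9 dst=192.168.1.20 dport=25
2005-06-10T09:00:04 PIX deny tcp ifc=outside src=10.9.9.9 dst=192.168.1.20 dport=139
2005-06-10T09:00:05 PIX deny tcp ifc=outside src=10.9.9.9 dst=192.168.1.20 dport=445
2005-06-10T09:00:40 IDS alert sig=TCP-SYN-Port-Sweep src=10.9.9.9 dst=192.168.1.20
2005-06-10T09:03:10 IDS alert sig=WWW-IIS-Unicode-Traversal src=10.9.9.9 dst=192.168.1.20
2005-06-10T09:03:11 PIX built tcp ifc=outside src=10.9.9.9 dst=192.168.1.20 dport=80
2005-06-10T09:05:00 IDS alert sig=WWW-IIS-Unicode-Traversal src=172.16.5.5 dst=192.168.1.20
2005-06-10T09:06:00 PIX deny tcp ifc=outside src=192.168.1.20 dst=192.168.1.20 dport=139
2005-06-10T09:06:30 PIX deny tcp ifc=outside src=192.168.1.77 dst=192.168.1.20 dport=80
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<dev>PIX|IDS) (?P<action>\w+) (?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # assumed inside range
RECON_SIGS = {"TCP-SYN-Port-Sweep"}      # assumed names of recon-class signatures
SCAN_PORTS = 5                            # distinct denied ports that count as a sweep
SCAN_WINDOW = timedelta(minutes=1)        # window for counting those ports
FOLLOW_WINDOW = timedelta(minutes=10)     # max gap between stages of one source


def parse(line):
    """Turn one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = {"ts": datetime.fromisoformat(m["ts"]), "dev": m["dev"], "action": m["action"]}
    ev.update(KV_RE.findall(m["rest"]))
    return ev


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def correlate(log_text):
    """Return (timestamp, src, finding) tuples in log order.

    Per-source stages: recon (port sweep seen by PIX or IDS) -> exploit
    attempt (non-recon IDS signature) -> possible compromise (PIX builds a
    connection from that source to the host the exploit alert named, soon
    after the alert). Spoof checks run on every PIX line first."""
    findings = []
    denies = defaultdict(list)   # src -> [(ts, dport)] seen within SCAN_WINDOW
    state = {}                   # src -> {"stage": n, "ts": ts, "dst": ip}

    for raw in log_text.splitlines():
        ev = parse(raw)
        if ev is None or "src" not in ev or "dst" not in ev:
            continue
        ts, src, dst = ev["ts"], ev["src"], ev["dst"]
        # LAND-style packet: source address equal to destination.
        if ev["dev"] == "PIX" and src == dst:
            findings.append((ts, src, "spoof:src-equals-dst"))
            continue
        # Inside address arriving on the outside interface: spoofed source.
        if ev["dev"] == "PIX" and ev.get("ifc") == "outside" and is_internal(src):
            findings.append((ts, src, "spoof:internal-src-on-outside"))
            continue
        st = state.get(src, {"stage": 0, "ts": ts, "dst": None})
        recent = ts - st["ts"] <= FOLLOW_WINDOW
        if ev["dev"] == "PIX" and ev["action"] == "deny":
            hist = [(t, p) for t, p in denies[src] if ts - t <= SCAN_WINDOW]
            hist.append((ts, ev.get("dport")))
            denies[src] = hist
            if len({p for _, p in hist}) >= SCAN_PORTS and st["stage"] < 1:
                state[src] = {"stage": 1, "ts": ts, "dst": dst}
                findings.append((ts, src, "recon:port-sweep"))
        elif ev["dev"] == "IDS" and ev["action"] == "alert":
            if ev.get("sig") in RECON_SIGS:
                if st["stage"] < 1:          # IDS saw the sweep before PIX did
                    state[src] = {"stage": 1, "ts": ts, "dst": dst}
                    findings.append((ts, src, "recon:ids-sweep"))
                continue                     # otherwise only corroborates stage 1
            label = "exploit-after-recon" if st["stage"] == 1 and recent else "exploit-attempt"
            state[src] = {"stage": 2, "ts": ts, "dst": dst}
            findings.append((ts, src, label))
        elif ev["dev"] == "PIX" and ev["action"] == "built":
            if st["stage"] == 2 and recent and dst == st["dst"]:
                state[src] = {"stage": 3, "ts": ts, "dst": dst}
                findings.append((ts, src, "possible-compromise"))
    return findings


if __name__ == "__main__":
    for ts, src, label in correlate(SAMPLE_LOG):
        print(ts.isoformat(), src, label)
```

On the sample, 10.9.9.9 walks through all three stages (sweep, exploit signature, then a permitted connection to the same host), 172.16.5.5 is reported as a lone exploit attempt with no preceding recon, and the last two lines trip the spoofing checks without touching the stage machine. In a product the same shape applies: key the state on source address, bound each stage by a time window, and require the later event to reference the same destination the earlier one did, otherwise unrelated alerts from busy sources get chained together.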
12-12-2018 08:39 PM - edited 12-26-2018 08:29 PM
Threat protection is comprised of the Sourcefire® SNORT® intrusion detection engine and AMP anti-malware technology.