Snort Scripting

Hello 

 

Is there a way to write custom SNORT rules (for IPS) and OpenAppID scripts (for a new Protocol or an APP) and use them in FTD or Firepower Services?

Links would be appreciated.

1 ACCEPTED SOLUTION

Cisco Employee

For custom Snort rules, you can check the following (the idea is the same, but the locations are a bit different; mainly you would use the GUI-provided editor or upload the custom rules into the FMC and enable them in your intrusion rules), and syntax-wise you can check any Snort guide for further information.

http://www.labminutes.com/sec0175_asa_firepower_ips_custom_rule < version 5.X

https://www.youtube.com/watch?v=uN53tw_6bms < version 6.X

 

And for application detection, check these

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Application_Detection.html

http://www.labminutes.com/sec0169_asa_firepower_firepower_custom_application_detector_1

 

Hope the links help!
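
A pre-upload sanity check for a local rules file, as an added example that is not part of the answer above or any Cisco tooling. The checks follow general Snort 2 rule conventions (one rule per line, `;` escaped as `\;` inside option values, local SIDs at 1000000 or above, unique SIDs) and are not the FMC's own import validation; the sample rules and the name `lint_rules` are constructed for illustration.

```python
import re

# General Snort 2 shape: action proto src sport direction dst dport (options)
HEADER = re.compile(r'^\w+\s+\w+\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+\s*\((?P<opts>.*)\)\s*$')
UNESCAPED_QUOTE = re.compile(r'(?<!\\)"')
LOCAL_SID_MIN = 1_000_000  # lower SIDs are reserved for distributed rule sets

# Constructed sample local rules file (not from the thread).
SAMPLE = r'''# local.rules
alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"LOCAL test banner"; content:"X-Test"; sid:1000001; rev:1;)
alert tcp any any -> any 21 (msg:"LOCAL ftp; probe"; content:"USER"; sid:1000002; rev:1;)
alert udp any any -> any 53 (content:"|01 00|"; sid:4242; rev:1;)
drop tcp any any -> any 23 (msg:"LOCAL telnet"; flow:to_server; sid:1000001; rev:2;)
'''


def lint_rules(text):
    """Return (line_number, problem) tuples for a local rules file."""
    problems, seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = HEADER.match(line)
        if not m:
            problems.append((n, 'not a one-line "header (options)" rule'))
            continue
        # Options are split on ';', so a literal ';' in a value must be written '\;'.
        parts = [p.strip() for p in re.split(r'(?<!\\);', m['opts']) if p.strip()]
        if any(len(UNESCAPED_QUOTE.findall(p)) % 2 for p in parts):
            problems.append((n, 'unbalanced quotes: unescaped ";" inside a quoted value?'))
        opts = {}
        for p in parts:
            key, _, val = p.partition(':')
            opts.setdefault(key.strip(), val.strip())
        if 'msg' not in opts:
            problems.append((n, 'no msg option, alert would have no description'))
        sid = opts.get('sid')
        if sid is not None:  # a missing sid is not flagged here
            if not sid.isdigit():
                problems.append((n, f'sid {sid!r} is not numeric'))
            elif int(sid) < LOCAL_SID_MIN:
                problems.append((n, f'sid {sid} is below {LOCAL_SID_MIN}'))
            elif sid in seen:
                problems.append((n, f'sid {sid} already used on line {seen[sid]}'))
            else:
                seen[sid] = n
    return problems


if __name__ == '__main__':
    for n, problem in lint_rules(SAMPLE):
        print(f'line {n}: {problem}')
```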
