Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2939
Views
0
Helpful
1
Replies

Snort Scripting

Go to solution
amhish@netfox.de
Level 1
Level 1

‎06-13-2019 02:56 PM - edited ‎02-21-2020 09:13 AM

Hello 

 

Is there a way to write custom SNORT rules (for IPS) and OpenAppID scripts(for a new Protocol or an APP) and use them in FTD or Firepower Services?

Links would be appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Raed Boshmaf
Cisco Employee
Cisco Employee

‎06-14-2019 07:32 AM - edited ‎06-14-2019 07:33 AM

For custom snort rules you can check the following (The idea is the same, but the locations are a bit different, but mainly you would use the GUI provided editor or upload the custom rules into the FMC and enable them in your Intrusion rules) and syntax wise you can check any snort guide for further information.

http://www.labminutes.com/sec0175_asa_firepower_ips_custom_rule < version 5.X

https://www.youtube.com/watch?v=uN53tw_6bms < version 6.X

 

And for application detection, check these

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Application_Detection.html

http://www.labminutes.com/sec0169_asa_firepower_firepower_custom_application_detector_1

 

Hope the links help!

 

 

 

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Raed Boshmaf
Cisco Employee
Cisco Employee

‎06-14-2019 07:32 AM - edited ‎06-14-2019 07:33 AM

For custom snort rules you can check the following (The idea is the same, but the locations are a bit different, but mainly you would use the GUI provided editor or upload the custom rules into the FMC and enable them in your Intrusion rules) and syntax wise you can check any snort guide for further information.

http://www.labminutes.com/sec0175_asa_firepower_ips_custom_rule < version 5.X

https://www.youtube.com/watch?v=uN53tw_6bms < version 6.X

 

And for application detection, check these

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Application_Detection.html

http://www.labminutes.com/sec0169_asa_firepower_firepower_custom_application_detector_1

 

Hope the links help!

 

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card