Snort sensor

Vishal6 · ‎06-24-2025

Hi All,

I have came through that Snort is only compatible with sensors embedded below Cisco products, However my organisation brought IE-3300 series OT switches. Please guide me here

Cisco IC3000 Industrial Compute Gateway
Cisco Catalyst 9300 Series Switches
Cisco IR8340 Integrated Services Router Rugged.

Vishal6 · ‎06-24-2025

Pls help

Marvin Rhoads · ‎06-24-2025

Nothing in the data sheet indicates any Snort or IPS / security capability on the switch:
https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-ie3300-rugged-series/catalyst-ie3300-rugged-series-ds.html

Security for this class of OT devices is typically provided via integration with something like CyberVision software on a external server that is integrated to upstream firewalls such as ISA 3000 series (for OT/hardened sites) or other FMC-managed FTD device.

Vishal6 · ‎06-25-2025

Can we use Cybervision model (CV-CNTR-M6N) eth0 and eth1 interfaces for both management and Sensor services simultaneously.

Marvin Rhoads · ‎06-25-2025

@Vishal6 reference this guide for CV hardware appliances: https://www.cisco.com/c/en/us/td/docs/security/cyber_vision/publications/Center-Appliance/Release-4-4-0/b_Cisco_Cyber_Vision_Center_Appliance_Installation_Guide/m_Information_Characteristics_UCS.html

It tells us:

"Configuring single or dual interface (not applicable to a Global Center)

For security reasons, it is recommended to use the Center on two separate networks, respectively connected to the following interfaces:

The Administration network interface (eth0), which gives access to the user interface.
The Collection network interface (eth1), which connects the Center to the sensors.

The Center provides two dedicated and separate 10 Gigabit Ethernet network ports to connect to these two networks.

However, in case of incompatibility with the industrial network infrastructure or for limited environments, you can use a single network interface (eth0)."