cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
643
Views
1
Helpful
6
Replies

SNORT2 rule to SNORT3 but not LOCAL rules

vivarock12
Level 1
Level 1

is there a way to migrate existing SNORT2 rules to for example im looking at SID 1:62681,SID 1:62682,SID 1:62683,SID 1:62684 they appear on SNORT2 rule but not on SNORT3 so is there a way to migrate this rules?

vivarock12_0-1702576776719.png

this are on the category malware-other so the thing is if i try to find the ones on SNORT3 they dont exist.

vivarock12_2-1702577236285.png

 

i might be mistaking something and i dont have to much experience on IPS as a hole, but from wat i get if am using SNORT3 on my FTD this SNORT2 rules are not use rigth?

so can anyone tellme how to do this?

thanks for the help by the way.

2 Accepted Solutions

Accepted Solutions

By my understanding it means that manually created rules are not automatically migrated to SNORT3.  They are still used but you need to synchronize the SNORT2 rules with SNORT3 for them to be effective in SNORT3.

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

6 Replies 6

Did you try synchronizing the SNORT2 rules with SNORT3?

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/snort3/config-guide/snort3-configuration-guide-v70/migrating.html#ID-2247-00000297-synchronize

 

--
Please remember to select a correct answer and rate helpful posts

but those that means that the rules of snort2 are use on snort3 but not the manually created all of them?

By my understanding it means that manually created rules are not automatically migrated to SNORT3.  They are still used but you need to synchronize the SNORT2 rules with SNORT3 for them to be effective in SNORT3.

--
Please remember to select a correct answer and rate helpful posts

vivarock12
Level 1
Level 1

nice i already had the sync done so that the information i was loking for to be sure, just to have the data do you have any document where that is stated?

The link in my first reply has information on this.  Here it is again.

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/snort3/config-guide/snort3-configuration-guide-v70/migrating.html#ID-2247-00000297-synchronize

--
Please remember to select a correct answer and rate helpful posts

thanks didnt so that before sorry but thanks for the help.

Review Cisco Networking for a $25 gift card