Hi Gents,
I have a query related to Dwell Time calculation in Security IR. The query is: let's say one of the users, who was on leave for a week, returned from holidays and one day, while checking the emails, he opened the malicious attachment which ...
Hi Guys,
I need some help: as per a requirement, we made a custom signature on the Snort engine built into the Firepower series. But the issue is it's not triggering anything.
I am copying the signature which was made, and it's based on content. The requirem...
Hi Gents,
I require your support with one query: we are using a Cisco ASA 5545 firewall and its built-in AIP-SSM module in IDS fail-open mode.
Because it's in IDS mode, it's detecting attacks, but the requirement is to know we want packet ...
Hi Joel,
Thanks again for your quick response.
What if I want either of the conditions? Can it be accomplished without writing three different rules mentioning different keywords, or can we accomplish it within a single rule?
Regards,
Ankush Kumar
Hi Joel,
Thanks for your reply.
Actually, the requirement is to trigger an event whenever it matches either the cmd, connect or target keywords in any content of the URI.
Do you want me to write this rule 3 times, containing different content keywords ...
Hi Marvin,
One doubt about the posted line:
"If the server replied, it would mean that the attack wasn't detected blocked in the first place and we would thus have no criteria ...
Hi Karsten,
Thanks for your reply.
Quick query on this: in case we are going for the Firepower series of ASAs with the built-in IPS engine module, does that provide the functionality of packet capture of detected attacks, including server replies? and...