About Nikolaj Pabst

Nikolaj Pabst · 07-27-2018

When using the’ Variable Sets’ it important to understand how SNORT rules works. Cisco Firepower is using SNORT, and got a huge amount of SNORT rules in its database. SNORT is in general a heavy process in Firepower Threat Defense, so if we can free...

Nikolaj Pabst · 01-09-2019

It is however paussible to get a running-lina-config from CLI if running a Firepower appliance. But the Sourcefire appliance can be backed up from the FMC as Marvin mentioned. 

Nikolaj Pabst · 01-08-2019

He is not asking to capture traffic, but to take a config backup 

Nikolaj Pabst · 01-08-2019

Hi @Mikeham804, Is it a Sourcefire appliance or a Firepower appliance?

Nikolaj Pabst · 01-08-2019

Hi @InTheJuniverse, This event is simply a client calling a DNS name from 8.8.8.8 (google DNS) that has a "bad reputation".You can trigger this event byg doing a nslookup at 8.8.8.8 on examplemalwaredomain.com. /Nikolaj

Nikolaj Pabst · 01-08-2019

Hi @Th3cart3r Take a look at this CSCuy65203 - This could be the issue you are hitting  /Nikolaj

Member Since	‎03-08-2018 12:18 AM
Date Last Visited	‎06-22-2020 01:45 AM
Posts	59
Total Helpful Votes Received	46

User Statistics

User Activity

How to work with ’Variable Sets’ and why are they so important to SNORT?

Re: SourceFire config dump

Re: SourceFire config dump

Re: SourceFire config dump

Re: Domain not found : DNS Block : Responder 8.8.8.8

Re: FMC Threat Report "Would Have Dropped"