About ivanradevradev_

ivanradevradev_ · 11-22-2023

Anyway, use the official snort guide and import your rules as .txt to the FMC. And yes, pass rules to be activated should be in "alert" state , but they would not alert because are pass rules. "Clear" somehow? https://docs.snort.org/rules/headers/act...

ivanradevradev_ · 11-21-2023

Hi, After Firepower 7.2 thinks had changed and now are more confusing then ever, because different versions are having different dictionary. https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/snort/720/snort3-configura...

ivanradevradev_ · 02-27-2020

Hi Devlin,There is a Snort rule MALWARE-OTHER dns request with long host name segment - possible data exfiltration attempt (3:30881:4) if you enable it in your intrusion policies, will see long DNS queries. It is kind of TALOS property and it is not ...

ivanradevradev_ · 04-08-2019

You gonna have some downtime. Event with import export features it is difficult to have 0 downtime migration. Once you start importing the policies to the new FMC, you need to associate the zones from you ACP rules with interfaces. This means you nee...

Member Since	‎04-08-2019 04:06 AM
Date Last Visited	‎12-03-2023 11:38 AM
Posts	4

User Statistics

User Activity

Re: Snort 3.0 Pass Rules

Re: Snort 3.0 Pass Rules

Re: Cisco FTD DNS Exfiltration Detection

Re: I need to migrate a virtual Firepower Management Center to a physical Firepower Management Center