Anyway, use the official Snort guide and import your rules as .txt to the FMC. And yes, pass rules to be activated should be in "alert" state, but they would not alert because they are pass rules. "Clear" somehow? https://docs.snort.org/rules/headers/act...
Hi, after Firepower 7.2 things changed and are now more confusing than ever, because different versions have different dictionaries. https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/snort/720/snort3-configura...
Hi Devlin, there is a Snort rule, MALWARE-OTHER dns request with long host name segment - possible data exfiltration attempt (3:30881:4); if you enable it in your intrusion policies, you will see long DNS queries. It is kind of a TALOS property and it is not ...
You're gonna have some downtime. Even with import/export features it is difficult to have a 0-downtime migration. Once you start importing the policies to the new FMC, you need to associate the zones from your ACP rules with interfaces. This means you nee...