Solved

IPS Signatures - Detailed Descriptions?

  • 19 June 2023

I hope this will just be a pointer to the resource...

Is there a repository with more details about what the signatures are, or a way to see what caused the match? Some of the descriptions are quite vague, and it's hard to determine if an exception should be created.

e.g.: Sig 20019 "MALWARE-CNC User-Agent known malicious user agent - test"

Best answer by stevan 27 June 2023, 17:49


You can use Snort's rule doc search to review signatures. For example, here is info on the signature mentioned above: https://snort.org/rule_docs/1-20019

Please reach out to our support team to assist with a full investigation of the IPS and reason behind it firing.
