I hope this will just be a pointer to the resource...
Is there a repository with more details about what the signatures are, or a way to see what caused the match? Some of the descriptions are quite vague, and it's hard to determine if an exception should be created.
E.g.: Sig 20019 "MALWARE-CNC User-Agent known malicious user agent - test"
Solved
IPS Signatures - Detailed Descriptions?
Best answer by stevan
You can use Snort's rule doc search to review signatures. For example, here is info on the signature mentioned above. https://snort.org/rule_docs/1-20019
Please reach out to our support team to assist with a full investigation of the IPS and reason behind it firing.
This topic has been closed for replies.