I hope this will just be a pointer to the resource...
Is there a repository with more details about what the signatures are? Or a way to see what caused the match? Some of the descriptions are quite vague, and it's hard to determine if an exception should be created.
E.g.: Sig 20019 "MALWARE-CNC User-Agent known malicious user agent - test"
You can use Snort's rule doc search to review signatures. For example, here is info on the signature mentioned above. https://snort.org/rule_docs/1-20019
Please reach out to our support team to assist with a full investigation of the IPS and reason behind it firing.