Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Learn
- Inside Netskope
- IPS Signatures - Detailed Descriptions?
IPS Signatures - Detailed Descriptions?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-19-2023 11:43 AM
I hope this will just be a pointer to the resource...
Is there a repository with more details about what the signatures are. Or a way to see what caused the match? Some of the descriptions are quite vague, and it's hard to determine if an exception should be created.
eg: Sig 20019 "MALWARE-CNC User-Agent known malicious user agent - test"
-Q.
Solved! Go to Solution.
- Labels:
-
Threat vulnerability management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-27-2023 08:49 AM
You can use Snort's rule doc search to review signatures. For example, here is info on the signature mentioned above. https://snort.org/rule_docs/1-20019
Please reach out to our support team to assist with a full investigation of the IPS and reason behind it firing.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-27-2023 08:49 AM
You can use Snort's rule doc search to review signatures. For example, here is info on the signature mentioned above. https://snort.org/rule_docs/1-20019
Please reach out to our support team to assist with a full investigation of the IPS and reason behind it firing.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In