
IPS Signatures - Detailed Descriptions?

qyost
Contributor III

I hope this will just be a pointer to the resource...

Is there a repository with more details about what the signatures are, or a way to see what caused the match? Some of the descriptions are quite vague, and it's hard to determine if an exception should be created.

e.g.: Sig 20019 "MALWARE-CNC User-Agent known malicious user agent - test"

--
-Q.
1 Solution
stevan
Netskope

You can use Snort's rule doc search to review signatures.  For example, here is info on the signature mentioned above.  https://snort.org/rule_docs/1-20019

 

Please reach out to our support team to assist with a full investigation of the IPS and reason behind it firing.

Stevan Pierce, CEH CISSP CPT
