I hope this will just be a pointer to the resource...
Is there a repository with more details about what the signatures are, or a way to see what caused the match? Some of the descriptions are quite vague, and it's hard to determine if an exception should be created.
E.g.: Sig 20019 "MALWARE-CNC User-Agent known malicious user agent - test"
You can use Snort's rule doc search to review signatures. For example, here is info on the signature mentioned above: https://snort.org/rule_docs/1-20019
Please reach out to our support team to assist with a full investigation of the IPS and the reason behind it firing.



