01-12-2018 07:11 AM - edited 02-21-2020 07:07 AM
Hello,
I have this problem: every few months the IPS Sourcefire signatures get updated. Let's say that the update might contain up to 5000 signatures (average).
From where can I download the database/signature list in advance to decide which signature to enable/disable?
The goal is to analyze the rules before enabling them. At the moment I enable all and then disable, but it's generating a lot of false positives.
Any idea or experience?
01-17-2018 03:07 AM
Do you mean you are after a list of signatures and their CVEs, and then based on that decide what to enable and what not?
If so, the reports section contains such a list.
01-17-2018 03:38 AM
I don't see a list in the report section. Maybe we need to add a template?