Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
935
Views
0
Helpful
3
Replies

IPS signature update export

rick11
Level 1
Level 1

‎01-12-2018 07:11 AM - edited ‎02-21-2020 07:07 AM

Hello,

I have this problem, every few month the IPS sourcefire signature got updated , let's say that the update might contain up to 5000 signatures (average)

 

From where can I download the database/signature list in advance to decide which signature to enable/disable?

 

The goal is to analyze the rule before enabling them , at the moment I enable all and then disable but it's generating a lot of false positives

 

Any idea or experience?

Labels:
0 Helpful
3 Replies 3

Dennis Mink
VIP Alumni
VIP Alumni

‎01-17-2018 03:07 AM

do you mean you are after a list of signatures and their CVE's and then based on that decide what to enable and what not?

 

if so, the reports section contains such a list

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Dennis Mink
VIP Alumni
VIP Alumni

‎01-17-2018 03:10 AM

do you mean you are after a list of signatures and their CVE's and then based on that decide what to enable and what not? if so, the reports section contains such a list

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

rick11
Level 1
Level 1
In response to Dennis Mink

‎01-17-2018 03:38 AM

I don't see a list in report section, maybe do we need to add a template?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card