Hello all,
近期US-Cert發佈了SAP系統的一個新漏洞:
https://www.us-cert.gov/ncas/alerts/AA19-122A
有客戶詢問到Check Point如何進行防禦(How to Prevent);US-Cert已經先發佈了此攻擊相關的Snort Rule:
R80.10版本之後的客戶可以透過SmartConsole直接匯入來阻擋攻擊,步驟如下:
Step.1 將上方的Snort rule(可以在上方的US-Cert網頁複製)貼到記事本,並另存成 「XXX.rules」 Snort檔案格式。
Step.2 登入SmartConsole,切換到Security Policies頁籤,點選Threat Prevention policy,下方會有IPS Protectections的連結,點選上方的Action >> Snort Protections >> Import Snort rules >> 選擇剛剛另存的Snort rule:
Step.3 匯入之後左下角Task會顯示匯入的進度:
Step.4 匯入完成之後,在IPS Protections裡面即可以查詢到剛剛匯入的Snort特徵碼:
Step.5 進行Profile的設定之後就可以Install Policy開始進行防禦了。
Thu 07 Nov 2024 @ 05:00 PM (CET)
What's New in CloudGuard - Priorities, Trends and Roadmap InnovationsTue 12 Nov 2024 @ 03:00 PM (AEDT)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (APAC)Tue 12 Nov 2024 @ 10:00 AM (CET)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (EMEA)Tue 12 Nov 2024 @ 03:00 PM (AEDT)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (APAC)Tue 12 Nov 2024 @ 10:00 AM (CET)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (EMEA)Tue 12 Nov 2024 @ 02:00 PM (CET)
Part 1: Harnessing AI to Prevent Cyber Attacks and Enhance Defense - EMEATue 12 Nov 2024 @ 11:00 AM (EST)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (AMERICAS)Tue 19 Nov 2024 @ 12:00 PM (MST)
Salt Lake City: Infinity External Risk Management and Harmony SaaSWed 20 Nov 2024 @ 02:00 PM (MST)
Denver South: Infinity External Risk Management and Harmony SaaSTue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management Workshop
