Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ESpataro
Contributor

Create Snort Rule File to Import to Checkpoint IPS

Hi ,

I have been provided an excel.csv file which contains snort definitions and been asked to import them into checkpoint IPS. However I see that checkpoint needs a snort rules file in order to be able to import the definitions and add them.  has anybody come across a toll that will convert the csv file to a snort rules file so it can be imported . csv file attached 

 

Thanks

Enzo

0 Kudos
1 Reply
G_W_Albrecht
Legend Legend
Legend

I can see no snort definitions here, only a listing - a Snort rule looks like this:

<Action> <Protocol> <Source IP Address> <Source Port> <Direction>
<Destination IP Address> <Destination Port> (msg:"<Text>";
<Keyword>:"<Option>";)

But you only have a list of threats and signatures, not snort definitions/signatures itself, with the columns:

Threat ID
Threat Name
Severity
Release Date
Signature ID
Signature Name

It is not possible to convert this into snort rules...

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events