This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sung-Lun_Yang1
Employee Alumnus
Employee Alumnus
‎2019-05-09 08:43 PM

New Exploits for Unsecure SAP Systems, How to import Snort rule

Hello all,

 

近期US-Cert發佈了SAP系統的一個新漏洞:

https://www.us-cert.gov/ncas/alerts/AA19-122A

有客戶詢問到Check Point如何進行防禦(How to Prevent);US-Cert已經先發佈了此攻擊相關的Snort Rule:

SAP_Snort.png

R80.10版本之後的客戶可以透過SmartConsole直接匯入來阻擋攻擊,步驟如下:

Step.1 將上方的Snort rule(可以在上方的US-Cert網頁複製)貼到記事本,並另存成 「XXX.rules」 Snort檔案格式。

SAP_rules.png

Step.2 登入SmartConsole,切換到Security Policies頁籤,點選Threat Prevention policy,下方會有IPS Protectections的連結,點選上方的Action >> Snort Protections >> Import Snort rules >> 選擇剛剛另存的Snort rule:

Import_Snort.png

 

Step.3 匯入之後左下角Task會顯示匯入的進度:

Import_Snort-2.png

 

Step.4 匯入完成之後,在IPS Protections裡面即可以查詢到剛剛匯入的Snort特徵碼:

Import_Snort-3.png

 

Step.5 進行Profile的設定之後就可以Install Policy開始進行防禦了。

0 Replies
Upcoming Events

    CheckMates Events