Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ghunjan
Explorer

DB on IPS

Jump to solution

Hi guys,

Is there any way or alternative way for IPS to use DB that has Name of application/softwares in my environment and block those signatures?

 

Thanks,

Gagandeep

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

To do it programmatically based on a file, you'd have to code up something that leverages the API.
However, it's pretty simple to do what you're after in SmartConsole by configuring the Threat Prevention profile accordingly.
Clone your existing profile if necessary and add the relevant products/vendors to the Additional Activation section.
Protections for that vendor will then be included if they aren't already.

image.png

 

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

You can import snort signatures and/or Yara rules for anything we don't have an IPS signature for.
Refer to the Threat Prevention guide for your specific software version.

0 Kudos
ghunjan
Explorer

Thanks for your response.

Signatures are already. What I am looking for is to set certain signatures to PREVENT based off a list/file that can be fed to IPS.

For instance we have Salesforce and MongoDB in our environment. Is there any way to automatically set any new signature released for this vendor PREVENT?

Than you

0 Kudos
PhoneBoy
Admin
Admin

To do it programmatically based on a file, you'd have to code up something that leverages the API.
However, it's pretty simple to do what you're after in SmartConsole by configuring the Threat Prevention profile accordingly.
Clone your existing profile if necessary and add the relevant products/vendors to the Additional Activation section.
Protections for that vendor will then be included if they aren't already.

image.png

 

0 Kudos
ghunjan
Explorer

Thank you!

0 Kudos