Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ghunjan
Participant
Jump to solution

DB on IPS

Hi guys,

Is there any way or alternative way for IPS to use DB that has Name of application/softwares in my environment and block those signatures?

 

Thanks,

Gagandeep

 

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

To do it programmatically based on a file, you'd have to code up something that leverages the API.
However, it's pretty simple to do what you're after in SmartConsole by configuring the Threat Prevention profile accordingly.
Clone your existing profile if necessary and add the relevant products/vendors to the Additional Activation section.
Protections for that vendor will then be included if they aren't already.

image.png

 

View solution in original post

4 Replies
PhoneBoy
Admin
Admin

You can import snort signatures and/or Yara rules for anything we don't have an IPS signature for.
Refer to the Threat Prevention guide for your specific software version.

0 Kudos
ghunjan
Participant

Thanks for your response.

Signatures are already. What I am looking for is to set certain signatures to PREVENT based off a list/file that can be fed to IPS.

For instance we have Salesforce and MongoDB in our environment. Is there any way to automatically set any new signature released for this vendor PREVENT?

Than you

PhoneBoy
Admin
Admin

To do it programmatically based on a file, you'd have to code up something that leverages the API.
However, it's pretty simple to do what you're after in SmartConsole by configuring the Threat Prevention profile accordingly.
Clone your existing profile if necessary and add the relevant products/vendors to the Additional Activation section.
Protections for that vendor will then be included if they aren't already.

image.png

 

ghunjan
Participant

Thank you!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events