Support_Team_Bi
Contributor

IPS : CVE-2020-9615 Signature

Hello,

After a new CVE has been released, when is the IPS signature released on the Firewall (a day or a week)? For example, CVE-2020-9615.

 

Thank you 


Accepted Solutions
anthony1337
Explorer

In case you need to create a custom rule or need a signature that is not published via Check Point feeds, you can always import a Snort rule if one exists for this signature.

e.g. https://blog.snort.org/2020/03/snort-rule-update-for-march-10-2020.html

- Use the Snort importer config on the manager, set it to detect only, and run the script to check IPS performance for this signature.

2 Replies
PhoneBoy
Admin
In general, not every CVE can get a signature.
There have to be enough details made available about the CVE for a signature to be developed.
It also has to be exploitable over the network.
This one in particular requires local access to the Mac, as described here: https://gizmodo.com/you-need-to-update-adobe-acrobat-for-macos-right-now-1843466382
We added signatures for several other Adobe-related CVEs yesterday.