This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Support_Team_Bi
Contributor
‎2020-05-14 04:22 AM
Jump to solution

IPS : CVE-2020-9615 Signature

Hello,

After new CVE has released, when the IPS signature release on Firewall(Day or Week)? For example, CVE-2020-9615.

 

Thank you 

0 Kudos
1 Solution

Accepted Solutions
anthony1337
Explorer
‎2020-05-26 12:53 PM
Jump to solution

In case you need to create a custom rule or need a signature that is not published via Checkpoint feeds you can always import a snort rule if one exists for this signature. 

 

eg. https://blog.snort.org/2020/03/snort-rule-update-for-march-10-2020.html

 

- Use the snort importer config on the manager, set to detect only and run the script to check IPS performance for this signature. 

View solution in original post

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2020-05-15 09:46 PM
Jump to solution

In general, not every CVE can get a signature.
There has to be enough details made available about the CVE for a signature to be developed.
It also has to be exploitable over the network.
This one in particular requires local access to the Mac, as described here: https://gizmodo.com/you-need-to-update-adobe-acrobat-for-macos-right-now-1843466382
We added signatures for several other Adobe-related CVEs yesterday.
0 Kudos
anthony1337
Explorer
‎2020-05-26 12:53 PM
Jump to solution

In case you need to create a custom rule or need a signature that is not published via Checkpoint feeds you can always import a snort rule if one exists for this signature. 

 

eg. https://blog.snort.org/2020/03/snort-rule-update-for-march-10-2020.html

 

- Use the snort importer config on the manager, set to detect only and run the script to check IPS performance for this signature. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events