This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Support_Team_Bi
Contributor
‎2020-05-14 04:22 AM
Jump to solution

IPS : CVE-2020-9615 Signature

Hello,

After new CVE has released, when the IPS signature release on Firewall(Day or Week)? For example, CVE-2020-9615.

 

Thank you 

0 Kudos
1 Solution

Accepted Solutions
anthony1337
Explorer
‎2020-05-26 12:53 PM
Jump to solution

In case you need to create a custom rule or need a signature that is not published via Checkpoint feeds you can always import a snort rule if one exists for this signature. 

 

eg. https://blog.snort.org/2020/03/snort-rule-update-for-march-10-2020.html

 

- Use the snort importer config on the manager, set to detect only and run the script to check IPS performance for this signature. 

View solution in original post

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2020-05-15 09:46 PM
Jump to solution

In general, not every CVE can get a signature.
There has to be enough details made available about the CVE for a signature to be developed.
It also has to be exploitable over the network.
This one in particular requires local access to the Mac, as described here: https://gizmodo.com/you-need-to-update-adobe-acrobat-for-macos-right-now-1843466382
We added signatures for several other Adobe-related CVEs yesterday.
0 Kudos
anthony1337
Explorer
‎2020-05-26 12:53 PM
Jump to solution

In case you need to create a custom rule or need a signature that is not published via Checkpoint feeds you can always import a snort rule if one exists for this signature. 

 

eg. https://blog.snort.org/2020/03/snort-rule-update-for-march-10-2020.html

 

- Use the snort importer config on the manager, set to detect only and run the script to check IPS performance for this signature. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    In-Person

    Tue 25 Mar 2025 @ 09:00 AM (EDT)

    Canada In-Person Cloud Security with Hands-On CloudGuard Workshops!
    In-Person

    Tue 25 Mar 2025 @ 12:00 PM (MDT)

    Salt Lake City: CPX 2025 Recap
    In-Person

    Tue 08 Apr 2025 @ 12:00 PM (MDT)

    Denver: CPX 2025 Recap
    CheckMates Events
    Top