[Snort-openappid] problems in updating rules

Joel Esler (jesler) jesler at ...5...
Sat Jun 10 12:46:14 EDT 2017


NGIPS rules are Snort rules. So one will teach you the other.

That being said, the Snort Manual is a solid start. http://Manual.snort.org

There are also rule writing classes taught by Cisco that can get you pretty far for most things you need.

--
Sent from my iPhone

On Jun 10, 2017, at 12:13, sourabh singhrathore <rsourabhs at ...8...> wrote:

Hi Joel,

Thanks for the reply, I hope you are well.

Basically, my current organization will buy new Cisco NGIPS devices, and in this IPD some default rules are there. I want to modify those rules according to our infrastructure.

Currently I don't have any knowledge about rules. I searched for it on Google and it says NGIPS rules are Snort rules, so I want to learn those things.

Please suggest the further path. What should I do: shall I learn Snort rules first, or shall I go on to modify Cisco NGIPS rules? Currently I don't have any simulator to check how this device is working.

Regards,
Sourabh Singh

On Sat, Jun 10, 2017 at 9:24 PM, Joel Esler (jesler) <jesler at ...5...> wrote:
What kind of rules?  Snort rules? Or OpenAppId rules?

--
Sent from my iPhone

On Jun 10, 2017, at 11:47, sourabh singhrathore <rsourabhs at ...8...> wrote:

Dear Team,

I want to learn creation of rules and to modify rules in Cisco Sourcefire (NGIPS) according to our infrastructure. Could you please provide us the details of where we can get those resources? Currently I am new in this field and I want to learn from scratch.

I have a Kali Linux to test all rules. Please suggest if you have any simulator to test our rules or dumb setup to test all things.

Awaiting your positive response.

Warm Regards,
Sourabh Singh



On Sat, Jun 10, 2017 at 12:54 AM, Joel Esler (jesler) <jesler at ...5...> wrote:
You're going to have to give us some errors or something.  I don't see how we can troubleshoot your issue with what you have provided.


--
Joel Esler | Talos: Manager | jesler at ...5...

On Jun 8, 2017, at 8:13 AM, Etian Menencia Garcia <etian.menencia at ...157...> wrote:

I have serious problems in updating my Snort rules. I tried with Force Download but it is still not working. What can I do with it?

