
I suggest you ...

IPS: Creation of Custom Rules (Snort)

The possibility to add our own Snort rules would be great!
Customers can add their special rules for their special needs,
so we could be more flexible and more secure.

The AxG can check our own rules via a new Snort instance; if everything is fine -> add them to the ruleset.

87 votes
    SvenW shared this idea

    7 comments

      • malossi commented

        Love your product, but why have you guys created a flat file for your IPS rules? Performance reasons and manageability would dictate split rule sets for easier future manipulations......

        IPS = 11204
        # wc -l astaro.rules
        11204 astaro.rules
        All the rules that have been included in your GUI correspond to one file.

        Snort.conf
        ################################################## #
        # Step #7: Customize your rule set
        # For more information, see Snort Manual, Writing Snort Rules
        ################################################## #

        include $RULE_PATH/astaro.rules
        ----Snippet----

        Why would you not classify your rules into a variation of snort rules:

        astaro.attack-responses.rules
        astaro.backdoor.rules.
        Or something easier to manage.

        That way you can cleanly update sets as needed once Astaro has verified a legitimate rule set? Or if you want to turn on a specific set(s) of rules?

        Great product though!

        Thanks.

      • malossi commented

        With the creation of custom rules....... Could you please segment out your rules. Not just fit them all under one flat file..... astaro.rules.
        I.e.
        astaro.attack-response.rules
        astaro.backdoor.rules
        astaro.exploit.rules
        astaro.specific-threats.rules
        ......... etc

        Thanks.
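
The split requested in the two comments above, sketched as an added example (not part of the thread and not Astaro's code): it groups a flat rules file into per-category files and emits the matching `include` lines. Grouping by each rule's `classtype` option, the `astaro.<classtype>.rules` naming, the `unclassified` bucket and the sample rules are all assumptions made for illustration; the resulting names differ from the category names the commenter lists.

```python
import re
from collections import defaultdict

# Constructed sample of a flat rules file (not Astaro's real rules).
SAMPLE_FLAT_RULES = r'''
# constructed sample rules
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"sample web rule"; content:"/cmd.exe"; classtype:web-application-attack; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"sample response rule"; content:"uid=0"; classtype:bad-unknown; sid:1000002; rev:1;)
# alert udp any any -> any 53 (msg:"sample disabled rule"; classtype:bad-unknown; sid:1000003; rev:1;)
alert icmp any any -> any any (msg:"sample rule without classtype"; sid:1000004; rev:1;)
alert tcp any any -> any 21 (msg:"sample multi-line rule"; \
    content:"USER"; classtype:attempted-user; sid:1000005; rev:1;)
'''

# Snort 2.x rule actions; an optional leading '#' marks a disabled rule.
RULE_RE = re.compile(r'^(#\s*)?(alert|log|pass|activate|dynamic|drop|reject|sdrop)\s')
CLASSTYPE_RE = re.compile(r'classtype\s*:\s*([\w-]+)\s*;')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def logical_lines(text):
    """Join backslash-continued lines so each rule is one line."""
    return re.sub(r'\\[ \t]*\n[ \t]*', '', text).splitlines()

def split_rules(text, prefix="astaro"):
    """Group rules by classtype. Returns ({filename: [rules]}, [duplicate sids])."""
    files, seen, dupes = defaultdict(list), set(), []
    for line in map(str.strip, logical_lines(text)):
        if not RULE_RE.match(line):
            continue  # blank line or ordinary comment
        m = CLASSTYPE_RE.search(line)
        category = m.group(1) if m else "unclassified"  # hypothetical bucket name
        sid = SID_RE.search(line)
        if sid and sid.group(1) in seen:
            dupes.append(sid.group(1))  # same sid appears more than once
        if sid:
            seen.add(sid.group(1))
        files[f"{prefix}.{category}.rules"].append(line)
    return dict(files), dupes

def include_lines(files):
    """snort.conf include directives, one per generated file."""
    return [f"include $RULE_PATH/{name}" for name in sorted(files)]

if __name__ == "__main__":
    files, dupes = split_rules(SAMPLE_FLAT_RULES)
    for name in sorted(files):
        print(f"{name}: {len(files[name])} rule(s)")
    print("\n".join(include_lines(files)))
    print("duplicate sids:", dupes or "none")
```

A split set, like any customer-supplied rule file, can be checked with Snort's test mode (`snort -T -c <conf>`) before its `include` line goes into the live configuration, which is the validation step the original idea describes.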

      • malossi commented

        Having the ability to add an OINK code and/or adding our own rules should be allowed or supported in some fashion. Put a disclaimer on it you must.

      • Exrace commented

        I have not upgraded due to this. We use many custom rules for special needs within IIS websites. Please, Gert, make this possible again!
