IPS: Creation of Custom Rules (Snort)
The possibility to add our own Snort rules would be great!
Customers can add their special rules for their special needs,
so we could be more flexible and more secure.
The AxG can check our own rules via a new Snort instance; if everything is fine -> add them to the ruleset.
7 comments
-
malossi
commented
Love your product, but why have you guys created a flat file for your IPS rules? Performance reasons and manageability would dictate split rule sets for easier future manipulations......
IPS = 11204
# wc -l astaro.rules
11204 astaro.rules
All the rules that have been included in your GUI correspond to one file.
Snort.conf
###################################################
# Step #7: Customize your rule set
# For more information, see Snort Manual, Writing Snort Rules
###################################################
include $RULE_PATH/astaro.rules
----Snippet----
Why would you not classify your rules into a variation of snort rules:
astaro.attack-responses.rules
astaro.backdoor.rules.
Or something easier to manage. That way you can cleanly update sets as needed once Astaro has verified a legitimate rule set? Or if you want to turn on a specific set(s) of rules?
Great product though!
Thanks.
-
malossi
commented
With the creation of custom rules....... Could you plz segment out your rules. Not just fit them all under one flat file..... astaro.rules.
I.e
astaro.attack-response.rules
astaro.backdoor.rules
astaro.exploit.rules
astaro.specific-threats.rules
......... etc
Thanks.
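The per-category layout requested in the comment above, as an added example that is not part of the thread or of Astaro's code: it splits a flat Snort rules file into one file per classtype and returns the matching include lines for snort.conf. Grouping by classtype, the "uncategorized" bucket, the sample rules and the function names are assumptions; the category names used in the comment (backdoor, exploit, ...) would need their own mapping.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Constructed sample of a flat rules file (not taken from astaro.rules).
SAMPLE_FLAT_RULES = r'''
# plain comment line, not a rule
alert tcp $EXTERNAL_NET any -> $HOME_NET 12345 (msg:"EXAMPLE backdoor banner"; content:"hello"; classtype:trojan-activity; sid:1000001; rev:1;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE directory listing"; \
    content:"Volume Serial Number"; classtype:bad-unknown; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"EXAMPLE web probe"; content:"/probe"; sid:1000003; rev:1;)
'''

# An enabled or commented-out (disabled) rule: optional '#', a Snort action, header, (options).
RULE_RE = re.compile(
    r"^(?:#\s*)?(?:alert|log|pass|drop|reject|sdrop|activate|dynamic)\s+\S+.*\(.*\)\s*$")
CLASSTYPE_RE = re.compile(r"classtype\s*:\s*([\w-]+)\s*;")

def logical_lines(text):
    """Join physical lines ending in a backslash into one logical rule line."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        yield buf + line
        buf = ""

def split_rules(text):
    """Bucket rules by classtype; disabled rules stay disabled in their bucket."""
    buckets = defaultdict(list)
    for line in filter(RULE_RE.match, logical_lines(text)):
        m = CLASSTYPE_RE.search(line)
        buckets[m.group(1) if m else "uncategorized"].append(line)
    return dict(buckets)

def write_split(buckets, out_dir, prefix="astaro"):
    """Write <prefix>.<category>.rules per bucket; return snort.conf include lines."""
    includes = []
    for category in sorted(buckets):
        name = f"{prefix}.{category}.rules"
        (Path(out_dir) / name).write_text("\n".join(buckets[category]) + "\n")
        includes.append(f"include $RULE_PATH/{name}")
    return includes

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print("\n".join(write_split(split_rules(SAMPLE_FLAT_RULES), d)))
```

Rules without a classtype land in the uncategorized file, so nothing from the flat file is dropped by the split.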
-
malossi
commented
Having the ability to add an OINK code and/or adding our own rules should be allowed or supported in some fashion. Put a disclaimer on it you must.
-
Tung Chai Sia
commented
We need this.
-
wingman
commented
This should be included in version 8.
-
Exrace
commented
I have not upgraded due to this. We use many custom rules for special needs within IIS websites. Please, Gert, make this possible again!
-
Sven
commented
This was possible in Version 6!