SEP HIPS as a mitigation

Created: 20 May 2013 | 3 comments

Looking to connect with anyone who uses custom HIPS signatures on hosts as mitigations for attacks on things like Java, Adobe Reader/Flash, unpatched MS vulns, etc. Large enterprise preferred.

 

Please share your experiences, pros/cons, tips, and any information sources for signatures.

Thanks in Advance!


.Brian's picture

The toughest part is you need to get the signature right (based off Snort syntax), otherwise it will not work or will work improperly. If you look at the admin and install guide for SEP 12.1, appendix E, starting on page 1121, it gives a lot of good info on the syntax for custom IPS. It's a good start.

The pro is that you are ahead of the curve and have protection right away.

If you have a test lab then you are going in the right direction, as you can quickly confirm that your signatures are working.

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

lockitdownjms's picture

Any batch way to download all of the Snort sigs for one type of software (e.g. Java 1.6.X, Java 1.7.X)?

 

.Brian's picture

Would need to be a custom created process.

I don't have anything to do this though.