Video Screencast Help

SEP Custom IPS Signature Conversion Tool for SNORT Signatures

Created: 07 Sep 2011 | 5 comments
thatdude's picture
9 Agree
0 Disagree
+9 9 Votes
Login to vote

Since SEP uses Snort like rules for the SEP custom HIPS signatures it would be nice if Symantec provided a tool that we could input the Snort signature and output the signature in the correct syntax for SEP HIPS custom signatures.

At the very least a front end wizard would be nice so that the admin simply fills in the information and then the wizard spits out the correct syntax with the information the admin has entered.

Comments 5 CommentsJump to latest comment

Vikram Kumar-SAV to SEP's picture

I agree with you. Customers should be able to create Custom IPS Signature in a more User Friendly way.

Also if there a way to convert the Snort rules to SEP IPS rule or if we can get a detailed guideline on how to convert a SNORT rule to SEP IPS rule.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search use it.

Login to vote
ℬrίαη's picture

This is a great idea and would be very handy for advanced rule writing.


Login to vote
cus000's picture

I support.

More tools or guide would be helpfull to create custom IPS rule (s)...

Login to vote
JUSTICE's picture

Should be implemented within the SEPM console. BRAVO ZULU on this awesome idea.

Marcus Sebastian Payne
"So cyberspace is real. And so are the risks that come with it."
- President Barack Obama

Login to vote