IPS Signature Converter Plugin for Panorama

The IPS Signature Converter plugin enables you to convert third-party IPS rules into custom PAN-OS threat signatures.
Panorama now supports the IPS Signature Converter plugin, an automated solution for converting rules from third-party intrusion prevention systems—Snort and Suricata—into custom Palo Alto Networks threat signatures. You can then register these signatures on firewalls that belong to device groups you specify and use them to enforce policy in Vulnerability Protection and Anti-Spyware Security Profiles.
Snort and Suricata are open-source intrusion prevention systems that use uniquely formatted rules to detect threats. Threat intelligence-sharing organizations often distribute security advisories with these rules so that you can implement the appropriate protections on your firewall. The IPS Signature Converter plugin enables you to immediately act upon these advisories and protect your network against any threats you receive in Snort or Suricata format.
After you install the IPS Signature Converter plugin on Panorama, you can upload rules for conversion and import them to your device groups. You can also export rules containing indicators of compromise (IOC) to a text file that you can use as an external dynamic list to enforce policy on the entries that it contains.

Installation and Upgrade

To convert signatures using the IPS Signature Converter plugin, you must install it manually. The plugin is available for Panorama 10.0 or later and requires an active Threat Prevention license.
When we release new plugin versions, you must follow the installation steps to retrieve the latest update. PAN-OS or Panorama updates will not automatically install the latest plugin version.
Learn more about the IPS Signature Converter plugin in our guide to Custom Application IDs and Threat Signatures.

Recommended For You