The IPS Signature Converter plugin enables you to convert
third-party IPS rules into custom PAN-OS threat signatures.
Panorama now supports the IPS Signature Converter plugin,
an automated solution for converting rules from third-party intrusion
prevention systems—Snort and Suricata—into custom Palo Alto Networks
threat signatures. You can then register these signatures on firewalls
that belong to device groups you specify and use them to enforce
policy in Vulnerability Protection and Anti-Spyware Security Profiles.
Snort and Suricata are open-source intrusion prevention systems
that use uniquely formatted rules to detect threats. Threat intelligence-sharing organizations
often distribute security advisories with these rules so that you
can implement the appropriate protections on your firewall. The
IPS Signature Converter plugin enables you to immediately act upon
these advisories and protect your network against any threats you
receive in Snort or Suricata format.
After you install the IPS Signature Converter plugin on Panorama,
you can upload rules for conversion and import them to your device
groups. You can also export rules containing indicators of compromise
(IOC) to a text file that you can use as an external dynamic list
to enforce policy on the entries that it contains.
Installation and Upgrade
To convert signatures
using the IPS Signature Converter plugin, you must install it manually.
The plugin is available for Panorama 10.0 or later and requires
an active Threat Prevention license.
When we release new plugin
versions, you must follow the installation steps to retrieve the
latest update. PAN-OS or Panorama updates will not automatically
install the latest plugin version.
Learn more about the IPS
Signature Converter plugin in our guide to Custom Application IDs
and Threat Signatures.