Learn about the IPS Signature Converter plugin for Panorama.
The IPS Signature Converter plugin for
Panorama provides an automated solution for converting rules from
third-party intrusion prevention systems—Snort and Suricata—into custom Palo Alto Networks threat
signatures. You can then register these signatures on firewalls
that belong to device groups you specify and use them to enforce
policy in Vulnerability Protection and Anti-Spyware Security Profiles.
Snort and Suricata are open-source intrusion prevention systems
that use uniquely formatted rules to detect threats. Threat intelligence-sharing organizations
often distribute security advisories with these rules so that you
can implement the appropriate protections on your firewall. The
IPS Signature Converter plugin enables you to immediately act upon
these advisories and protect your network against any threats you
receive in Snort or Suricata format.
After you install the IPS Signature Converter plugin on Panorama,
you can upload rules for conversion and import them to your device
groups. You can also export rules containing indicators of compromise
(IOC) to a text file that you can use as an external dynamic list to
enforce policy on the entries that it contains.