What’s New in the IPS Signature Converter Plugin 1.0.2

Learn about the enhancements in the IPS Signature Converter plugin 1.0.2.
The IPS signature converter version 1.0.2 introduces the following capabilities:
Feature
Description
Support for SMB Protocol
For coverage of SMB-based threats, you can now convert Snort and Suricata rules that use the
smb
protocol. Also, rules with
port 445
now convert to SMB or MSRPC custom signatures.
Support for New Suricata Sticky Buffer Keywords
For better coverage of threats identified by Suricata rules, the converter now supports the following HTTP sticky buffer keywords:
  • http.method
  • http.user_agent
  • http.host
Improved HTTP Signature Conversion
You can now convert HTTP-based Snort and Suricata rules to HTTP-based custom signatures by simply specifying the port as
HTTP_PORTS
or by using the protocol
http
.

Recommended For You