: What’s New in the IPS Signature Converter Plugin 1.0.3
Focus
Focus

What’s New in the IPS Signature Converter Plugin 1.0.3

Table of Contents

What’s New in the IPS Signature Converter Plugin 1.0.3

Learn about the enhancements in the IPS Signature Converter plugin 1.0.3.
The IPS signature converter version 1.0.3 introduces the following capabilities:
Feature
Description
Port-Based SSL Signature Conversion
You can now convert SSL-based Snort and Suricata rules to SSL-based custom signatures by simply specifying the port as
443
.
Optimized Server to Client HTTP Rule Conversion
HTTP Snort and Suricata rules that are written for traffic flowing from server to client (
flow:to_client
) and that lack a content modifier now automatically convert to custom signatures with the
http-rsp-status-line
and
http-rsp-headers
contexts.
TLS Protocol and Sticky Buffer Support
You can now convert Suricata rules that use the
tls
protocol and that contain the following sticky buffer keywords:
  • tls.cert_issuer
  • tls.cert_serial
  • tls.cert_subject
  • tls.sni
  • tls.cert_fingerprint
  • file.data
Learn more about TLS sticky buffers in the Suricata documentation.

Recommended For You