What’s New in the IPS Signature Converter Plugin 1.0.3

Learn about the enhancements in the IPS Signature Converter plugin 1.0.3.
The IPS signature converter version 1.0.3 introduces the following capabilities:
Feature
Description
Port-Based SSL Signature Conversion
You can now convert SSL-based Snort and Suricata rules to SSL-based custom signatures by simply specifying the port as
443
.
Optimized Server to Client HTTP Rule Conversion
HTTP Snort and Suricata rules that are written for traffic flowing from server to client (
flow:to_client
) and that lack a content modifier now automatically convert to custom signatures with the
http-rsp-status-line
and
http-rsp-headers
contexts.
TLS Protocol and Sticky Buffer Support
You can now convert Suricata rules that use the
tls
protocol and that contain the following sticky buffer keywords:
  • tls.cert_issuer
  • tls.cert_serial
  • tls.cert_subject
  • tls.sni
  • tls.cert_fingerprint
  • file.data
Learn more about TLS sticky buffers in the Suricata documentation.

Recommended For You