Focus

VM-Series and Panorama Plugins Release Notes

What’s New in the IPS Signature Converter Plugin 2.0.2

Table of Contents

What’s New in the IPS Signature Converter Plugin 2.0.2

Learn about the enhancements in the IPS Signature Converter plugin 2.0.2

The IPS signature converter version 2.0.2 introduces the following capabilities:

Feature	Description
SMTP protocol Support	You can now convert Snort rules using the SMTP protocol. Example rule to detect SMTP traffic: alert smtp $EXTERNAL_NET any -> $HOME_NET any ( msg:"test snort rule"; flow:to_server,established; content:"testing1"; nocase; sid:00001; rev:1;) Support to convert rules with port 25 as SMTP protocol. alert tcp $EXTERNAL_NET any -> $HOME_NET 25 ( msg:"test snort rule"; flow:to_server,established; content:"testing1"; nocase; sid:00001; rev:1;)
FTP protocol Support	You can now convert Snort rules using the FTP protocol. Example rule to detect FTP traffic: alert ftp $EXTERNAL_NET any -> $HOME_NET any ( msg:"test snort rule"; flow:to_server,established; content:"testing1"; nocase; sid:00001; rev:1;) Support to convert rules with port 20 as FTP protocol: alert tcp $EXTERNAL_NET 20 -> $HOME_NET any (msg:"ET ADWARE_PUP Abox Download"; flow:established,to_server; content:"\|5c 00 43 00 61 00 72 00 6d 00 65 00 6e 00 00 00 16 00 00 00 73 00 75 00 63\|"; nocase; offset:160; depth:26; reference:url,doc.emergingthreats.net/bin/view/Main/2001440; classtype:pup-activity; sid:2001440; rev:7; metadata:created_at 2010_07_30, former_category ADWARE_PUP, updated_at 2010_07_30;) Support to convert rules with port 21 as FTP protocol: alert tcp $EXTERNAL_NET any -> $HOME_NET 21 ( msg:"INDICATOR-COMPROMISE FTP 'CWD / ' possible warez site"; flow:to_server,established; content:"CWD",nocase; content:"/ ",distance 1; metadata:ruleset community; classtype:misc-activity; sid:545; rev:9; )

Feature

Description

SMTP protocol Support

You can now convert Snort rules using the SMTP protocol.

Example rule to detect SMTP traffic:

alert smtp $EXTERNAL_NET any -> $HOME_NET any ( msg:"test snort rule"; flow:to_server,established; content:"testing1"; nocase; sid:00001; rev:1;)

Support to convert rules with port 25 as SMTP protocol.

alert tcp $EXTERNAL_NET any -> $HOME_NET 25 ( msg:"test snort rule"; flow:to_server,established; content:"testing1"; nocase; sid:00001; rev:1;)

FTP protocol Support

You can now convert Snort rules using the FTP protocol.

Example rule to detect FTP traffic:

alert ftp $EXTERNAL_NET any -> $HOME_NET any ( msg:"test snort rule"; flow:to_server,established; content:"testing1"; nocase; sid:00001; rev:1;)

Support to convert rules with port 20 as FTP protocol:

alert tcp $EXTERNAL_NET 20 -> $HOME_NET any (msg:"ET ADWARE_PUP Abox Download"; flow:established,to_server; content:"|5c 00 43 00 61 00 72 00 6d 00 65 00 6e 00 00 00 16 00 00 00 73 00 75 00 63|"; nocase; offset:160; depth:26; reference:url,doc.emergingthreats.net/bin/view/Main/2001440; classtype:pup-activity; sid:2001440; rev:7; metadata:created_at 2010_07_30, former_category ADWARE_PUP, updated_at 2010_07_30;)

Support to convert rules with port 21 as FTP protocol:

alert tcp $EXTERNAL_NET any -> $HOME_NET 21 ( msg:"INDICATOR-COMPROMISE FTP 'CWD / ' possible warez site"; flow:to_server,established; content:"CWD",nocase; content:"/ ",distance 1; metadata:ruleset community; classtype:misc-activity; sid:545; rev:9; )

Panorama IPS Signature Converter Plugin 2.0.2

Known Issues in the IPS Signature Converter Plugin 2.0.2

VM-Series and Panorama Plugins Release Notes

What’s New in the IPS Signature Converter Plugin 2.0.2

What’s New in the IPS Signature Converter Plugin 2.0.2

Recommended For You