: About the IPS Signature Converter Plugin
Focus
Focus

About the IPS Signature Converter Plugin

Table of Contents

About the IPS Signature Converter Plugin

Learn about the IPS Signature Converter plugin for Panorama.
The IPS Signature Converter plugin for Panorama provides an automated solution for converting rules from a third-party intrusion prevention system (IPS)—Snort or Suricata—into custom Palo Alto Networks threat signatures. You can then register these custom signatures on firewalls that belong to device groups you specify and use the signatures to enforce policy in Vulnerability Protection and Anti-Spyware Security Profiles.
Snort and Suricata are open-source IPS tools that use uniquely formatted rules to detect threats. Organizations that share threat intelligence often distribute security advisories with these rules to help you implement the appropriate protections on your firewall. The IPS Signature Converter plugin enables you to immediately act upon these advisories and protect your network against any threats you receive in Snort or Suricata format.
After you install the IPS Signature Converter plugin on Panorama, you can upload rules for conversion and import them to your device groups. You can also export rules containing indicators of compromise (IOC) to a text file that you can use as an external dynamic list to enforce policy on the entries contained in the list.