What’s New in the IPS Signature Converter Plugin 2.0.3
Learn about the enhancements in the IPS Signature Converter plugin 2.0.3.
The IPS signature converter version 2.0.3 introduces the following capabilities:
Feature | Description |
---|---|
Support for Startswith and Endswith keywords
|
For better coverage of threats identified by Suricata rules, the converter now supports the following payload keywords:
The startswith and endswith keywords are ignored to prevent false positives that might occur due to pattern match discrepancies. Both keywords accept no arguments and must follow the content keyword.
Example usage for startswith, which modifies the content to match at the start of the buffer:
startswith is shorthand notation for:
Example usage for endswith, which modifies the content to match at the end of the buffer:
|
Support DNS protocol and keyword dns_query
|
For coverage of DNS-based threats contained in DNS requests, you can now convert Snort and Suricata rules that use the DNS protocol, which can be used in conjunction with the new keyword dns_query to inspect DNS request queries.
The dns_query keyword requires the installation of content update 8770-8365 or later. Refer to Install Content Updates for more information about installing the Applications and Threats content update package.
Example rule to detect DNS queries contained in DNS traffic:
|
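The two constraints stated in the table (startswith and endswith take no arguments and must follow a content keyword; dns_query requires content update 8770-8365 or later) can be checked on a rule set before it is handed to the converter. The following Python check is an added example, not part of the original page or of the plugin; the function names `split_options` and `check_rule` and all sample rules are constructed for illustration.

```python
# Added example: pre-conversion check for Suricata/Snort rule options.
# Function names and sample rules are constructed, not from the plugin.
SAMPLE_RULES = [
    'alert http any any -> any any (msg:"ok start"; content:"GET|20|"; startswith; sid:1;)',
    'alert http any any -> any any (msg:"ok end"; content:".php"; nocase; endswith; sid:2;)',
    'alert http any any -> any any (msg:"has arg"; content:"abc"; startswith:3; sid:3;)',
    'alert http any any -> any any (msg:"no content"; endswith; content:"abc"; sid:4;)',
    'alert dns any any -> any any (msg:"dns; q"; dns_query; content:"example.test"; sid:5;)',
]

def split_options(rule):
    """Split the parenthesised option list into (keyword, value-or-None) pairs."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    options, buf, in_quotes, escaped = [], [], False, False
    for ch in body + ";":                      # trailing ';' flushes the last option
        if escaped:
            escaped = False                    # keep escaped \; and \" as data
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            text = "".join(buf).strip()
            if text:
                key, sep, val = text.partition(":")
                options.append((key.strip(), val.strip() if sep else None))
            buf = []
            continue
        buf.append(ch)
    return options

def check_rule(rule):
    """Return findings for one rule; an empty list means nothing to flag."""
    findings, seen_content = [], False
    for key, val in split_options(rule):
        if key == "content":
            seen_content = True
        elif key in ("startswith", "endswith"):
            if val is not None:
                findings.append(f"{key} takes no arguments")
            if not seen_content:
                findings.append(f"{key} must follow a content keyword")
        elif key == "dns_query":
            findings.append("dns_query needs content update 8770-8365 or later")
    return findings

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(check_rule(rule) or "ok")
```

The dns_query finding is informational: it marks rules that depend on the content update rather than rules that are malformed.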