Category Archives: Security

Upgrade Cisco Sourcefire to 6.0

Just a few days after we upgraded our Sourcefire infrastructure to 5.4, Cisco released the 6.0 version. Before we do an upgrade, let’s first briefly check out what we get with this major release: SSL Traffic inspection, DNS-based … Continue reading

Posted in Cisco, FirePOWER, FireSight, Firewall, IPS, Security, Sourcefire | 19 Comments

Installing Custom Certificate on FireSight Defense Center

We have been using Cisco FirePOWER services for quite some time and we are almost gurus. But one thing keeps annoying us every day: a certificate warning when we access the web interface of our Defense Center (DC): This happens because the … Continue reading

Posted in Cisco, FirePOWER, FireSight, IPS, Security, Sourcefire | 1 Comment

Cisco Sourcefire 5.3.x to 5.4.x Upgrade

I was thinking about whether or not to publish this one. Upgrading FirePOWER from 5.3.x to 5.4.x is perhaps the trickiest of all upgrades I have ever done. Now, wait a sec, somebody will say, upgrade the DefenseCenter and then upgrade SFR … Continue reading

Posted in FirePOWER, IPS, Security, Sourcefire | 24 Comments

Client side exploitation attacks

Let’s take a short break from Sourcefire and talk a little bit about client side exploitation. Don’t worry, we will go back to SF soon. So, what is client side exploitation? Well, let’s talk a little bit about “regular” exploitation. Perhaps … Continue reading

Posted in Metasploit, PENTEST, Security | Leave a comment

Sourcefire Fighting False Positives

One important thing when dealing with IPS is fighting False Positives. A false positive is not solely an IPS term, and I think it’s adopted from medicine. For example, when our MD is checking our blood for the presence of some … Continue reading

Posted in Cisco, FirePOWER, IPS, Security, Sourcefire | 1 Comment

Sourcefire Event Filtering, Dynamic States, Alerting and Comments

We saw earlier how to create a custom signature in our Sourcefire system. Then we created a rule without tweaking it, but sometimes this is something we have to do in order to fight false positives or reduce the amount of … Continue reading

Posted in Cisco, FirePOWER, IPS, Security, Sourcefire | 1 Comment

Connecting Sourcefire to SIEM with eStreamer

Currently we are satisfied with our Sourcefire setup. Our effort was not in vain. Let’s now connect our Sourcefire to the SIEM solution. Briefly, SIEM is an abbreviation of “Security Information and Event Management” and is a system that … Continue reading

Posted in Cisco, FirePOWER, Security, Sourcefire | 1 Comment