Tag Archives: ips

Sourcefire Correlation Policy – Compliance White Lists

We should have in mind that the Sourcefire is not by any means a SIEM solution. This correlation thing is most powerful weapon of SIEMs, but with Sourcefire we have the also some capability to correlate different events. The main … Continue reading

Posted in ASA, Cisco, FirePOWER, FireSight, IPS, Security, Sourcefire | Tagged , , , , | 7 Comments

Upgrade Cisco Sourcefire to 6.0

Just a few days after we have upgraded our Sourcefire infrastructure to 5.4, Cisco released the 6.0 version. Before we do an upgrade, first let’s briefly check out what do we get with this major release: SSL Traffic inspection DNS-based … Continue reading

Posted in Cisco, FirePOWER, FireSight, Firewall, IPS, Security, Sourcefire | Tagged , , , , , | 19 Comments

Sourcefire Fighting False Positives

One important thing when dealing with IPS is fighting False Positives. A false positive is not solely an IPS term, and I think it’s adopted from medicine. For example, when our MD is checking our blood for presence of some … Continue reading

Posted in Cisco, FirePOWER, IPS, Security, Sourcefire | Tagged , , , | 1 Comment

Sourcefire Event Filtering, Dynamic States, Alerting and Comments

We saw earlier how to create a custom signature in our Sourcefire system. Then we created a rule without tweaking it, but sometimes this is something we have to do in order to fight false positives or reduce amount of … Continue reading

Posted in Cisco, FirePOWER, IPS, Security, Sourcefire | Tagged , , , | 1 Comment

Connecting Sourcefire to SIEM with eStreamer

Currently we are satisfied with our Sourcefire set up. Our effort was not in vain. Let’s now connect our Sourcefire to the SIEM solution. Briefly, SIEM is an abbreviation of “Security Information and Event Management” and is a system that … Continue reading

Posted in Cisco, FirePOWER, Security, Sourcefire | Tagged , , , , , | 1 Comment

Sourcefire Security Intelligence

Let’s talk a little bit about a nice capability of Sourcefire system called “Security Intelligence” (SI). With the SI we have the option to block the traffic based on its reputation, before it reaches detection engine. We had this functionality … Continue reading

Posted in ASA, Cisco, FirePOWER, Firewall, IPS, Security, Sourcefire | Tagged , , , , , | 18 Comments

Sourcefire Custom IPS Signatures Using Signature Editor

Up until this point we relied on Cisco/Sourcefire to provide us with signatures that will protect our network. But, at some point in our IPS expert career the need will arise to create our own signatures. This time we will … Continue reading

Posted in Cisco, FirePOWER, Firewall, IPS, Security, Sourcefire | Tagged , , , , | 6 Comments