Tag Archives: ips

A little bit about Firepower Network Analysis Policy (NAP)

We have previously talked about the Intrusion Prevention Policy, or IPS, and saw how to configure and tweak it. What we did not talk about, and what is closely tied to the IPS policy, is the Network Analysis Policy, or NAP. So, …

Posted in Cisco, FirePOWER, FireSight, IPS, Security, Sourcefire, Uncategorized

Sourcefire Correlation Policy – Compliance White Lists

We should keep in mind that Sourcefire is by no means a SIEM solution. Correlation is the most powerful weapon of SIEMs, but with Sourcefire we also have some capability to correlate different events. The main …

Posted in ASA, Cisco, FirePOWER, FireSight, IPS, Security, Sourcefire

Upgrade Cisco Sourcefire to 6.0

Just a few days after we upgraded our Sourcefire infrastructure to 5.4, Cisco released version 6.0. Before we do the upgrade, let's briefly check out what we get with this major release: SSL traffic inspection, DNS-based …

Posted in Cisco, FirePOWER, FireSight, Firewall, IPS, Security, Sourcefire

Sourcefire Fighting False Positives

One important thing when dealing with an IPS is fighting false positives. A false positive is not solely an IPS term; I think it was adopted from medicine. For example, when our MD checks our blood for the presence of some …

Posted in Cisco, FirePOWER, IPS, Security, Sourcefire

Sourcefire Event Filtering, Dynamic States, Alerting and Comments

We saw earlier how to create a custom signature in our Sourcefire system. We created that rule without tweaking it, but sometimes tweaking is something we have to do in order to fight false positives or reduce the amount of …

Posted in Cisco, FirePOWER, IPS, Security, Sourcefire

Connecting Sourcefire to SIEM with eStreamer

Currently we are satisfied with our Sourcefire setup; our effort was not in vain. Let's now connect our Sourcefire to the SIEM solution. Briefly, SIEM is an abbreviation of "Security Information and Event Management" and is a system that …

Posted in Cisco, FirePOWER, Security, Sourcefire

Sourcefire Security Intelligence

Let's talk a little bit about a nice capability of the Sourcefire system called "Security Intelligence" (SI). With SI we have the option to block traffic based on its reputation, before it reaches the detection engine. We had this functionality …

Posted in ASA, Cisco, FirePOWER, Firewall, IPS, Security, Sourcefire