Forum Discussion
CirrocumulusYARA and SNORT Conversion to ASM/AWAF Custom Signatures
Hi,
Does anyone have any links or knowledge around converting YARA and/or SNORT rules into ASM/AWAF custom signatures? Using 15.1.5 at the moment but was curious if this has been successful. I've seen this with AFM but not with ASM/AWAF:
Any help is greatly appreciated!
2 Replies
CA_ValliMVP
Hi, there's a section in "Attack Signatures" database menu that allows you to create default WAF signatures. From "Advanced" options you can use SNORT syntax as well.
I'm going by memory, but it should be something like Security/Options/Application Security/Attack Singatures/Attack Signature List , then "create". (from the environents I manage I see that this menu keeps changing position in major versions ... hope I'm right 😄 )
- Lidev
Nacreous
Hi,
You can use ipp option to create custom bot signature (The ipp option is analogous to the Snort keyword pcre)
more details here : Asm Attack and bot signatures syntax
Regards
