you need to test the conversion prior to import

You would like to import SNORT rules but to comply with corporate policy you need to test
the conversion prior to import. How can you do this?

You would like to import SNORT rules but to comply with corporate policy you need to test
the conversion prior to import. How can you do this?

A.
Under the IPS tree Protections > By Protocol > IPS Software Blade > Application
Intelligence > SNORT import and select the SNORT import option.

B.
You must manually review each signature.

C.
SnortConvertor update -f <inputfile> –dry-run

D.
Check Point does not support third party signatures.



Leave a Reply 1

Your email address will not be published. Required fields are marked *


JS

JS

The C is correct
Testing SNORT Rule Conversion
You can test the conversion before you update the IPS database.
To test the conversion:
SnortConvertor update -f –dry-run