Easy Rules Creator (Snort)
In today's constantly changing threat landscape, it is essential to ensure your network security sensors are regularly assessed and updated so they can recognise and block the latest exploit and malware traffic. Idappcom's Traffic IQ assessment tool can tell you if your NGFW or IPS device is providing the level of cyber-protection you need, and it includes access to an extensive library of ready-to-deploy rule updates to help fix any problems.
However, although there are over 12,000 exploit files and associated rule updates in the library, with around 200 new rules added each month, there may be times when you want to create your own rules or edit an existing rule to your own specifications to help minimise false positives or increase the detection capability.
Writing rules can be a tedious and frustrating task, and syntax and formatting errors are easy to make when creating or editing rules. Easy Rule Creator is designed for security professionals and can help to dramatically reduce the time and effort needed to produce, test and rapidly deploy rules to minimise the risk of a damaging security breach.
Easy to Use
The ERC interface is designed to make rule creation and editing as easy as possible. The step-by-step process allows you to select the Snort keyword options from drop-down menus and check boxes and watch your rule being built in real time.
Badly formatted rules can create performance issues and may lead to false-positive content matches. Using ERC, you can test your regular expression using the built-in Regex tester and save the results back to your rule, as well as check your rule for common formatting and syntax mistakes before deploying it in your production environment.
Watch our video to see the ERC in action.