Easy Rules Manager (Snort)
Easy Rules Manager
Defence in Depth is still the most effective way to ensure that valuable corporate data is protected from the most sophisticated Cyber Attacks. Having multiple Firewall and Sensor deployments at strategic points around the IT network will deter even the most determined Cyber Criminals from trying to gain entry.
The downside of the Defence in Depth methodology is that the cost of this equipment can be high and the management of Rules on the Sensors is near impossible. Many enterprise networks have turned to the very powerful Open Source Sensor, SNORT®, to help reduce deployment costs.
Subscribing to Rules Feeds from companies such as idappcom (IPS Security Rules) and VRT (Open) will ensure that these Sensors are protecting enterprise Servers against the very latest exploits. There will also be a need to complement those feeds with custom rules that are specific to the networks on which they are deployed, but the cost saving can be huge.
Managing rules from many sources and getting the right rules to the right Sensors on the network is paramount to making this deployment scenario successful. Any changes or updates to rules have to be deployed to each Sensor quickly and in parallel to be valuable to a Defence in Depth plan.
Until now there has been no single tool that can effectively manage sets of rules centrally and keep all Sensors updated simultaneously.
idappcom recognised this dilemma and started to develop a tool, with the hope of producing a cost-effective application that would solve this problem for users of Snort® in multi-Sensor environments.
The Easy Rules Manager (Snort) is now available with the following functions:
- Microsoft Windows Application (GUI).
- Centralised Management of Snort Rules for Multiple User Access.
- Local or Remote Database Connectivity (MS SQL or MySQL Compatible).
- Dashboard View for Statistical Database Overview.
- Rules Library.
- Manual or Scheduled Rules Download & Importing.
- Import Rules from Multiple Sources.
- Oinkcode Compatible Rules Downloads.
- User Defined Rules Import Options.
- Custom Rules Creation.
- Rules Editing & Cloning.
- Rules Sorting & Filtering.
- Policy Manager.
- Custom & Automatic Policy Creation.
- Sensor Manager.
- Manual or Scheduled Rules Deployment to Multiple Remote IDS/IPS Sensors (by Site).
- User Defined Rules Deployment Options.
- Consolidate Orphaned Flowbits Rules.
- Secure Shell (SSH) Communication to Remote IDS/IPS Sensors.
- Local IDS Sensor.
- Local Rules Testing & Tuning.
- SysLog Server.
- Alert to Rule Correlation.
- Alert to 'WhoIs' Lookup.
- Alert to Wireshark Filter Option.
- User Audit & Logging.
- Report Viewer.
A series of easy-to-follow video tutorials covering all aspects of the Easy Rules Manager is available to watch online right now.
The Easy Rules Manager is part of a set of tools that increase your ability to avert risk.
- Traffic IQ Professional - The tool to penetration test a device or network and identify potential risks by actual exploit.
- Traffic IQ Gateway - The tool to apply evasion techniques to ANY traffic and further test the mitigation capabilities of your defences.
- And now the Easy Rules Manager