Dear all,
How can we verify that the MX Intrusion Prevention rules are updated from Snort? How can we verify that the MX has a rule or rules to protect against the recent CVE-2021-34481 or any other CVE?
Thank you and appreciate your advice,
Natthaphol.
To see the version:
Go to event log.
Filter on "Intrusion detection rules update"
Thanks, WW,
How can I verify the rules for a CVE, e.g. CVE-2021-34481?
Natthaphol.
The rules are from Snort.
You can search there: https://snort.org/
These are the latest changes/additions:
https://snort.org/advisories/talos-rules-2021-07-13
Dear ww,
Thanks for your tip. But how can we make sure that the rule or rules are actually on MX?
Natthaphol
You can't verify that a specific CVE is included in a specific update. You can only go by the ruleset definitions:
In short summary (make sure you read the whole definition - this is just to give you a quick feel):
P.S. We use "Security" for every one of our customers. Works great.
I note that this CVE currently has a rating of 7.8 - so there is no profile that will block it.
https://nvd.nist.gov/vuln/detail/CVE-2021-34481
Note that the score can go up and down. I suspect it might only be 7.8 because patches are available and the limited circumstances in which it can be used.
Dear Philip,
Thanks for your explanation. Can we verify the CVE[s] included in the MX appliance box?
And in the case of a CVSS score change, how does the MX verify the CVSS score of a specific CVE to prevent the threats?
Thanks,
Natthaphol.
Interesting, running this in the event log, my MX84 hasn't had an update since April 30th...