Hi there,
We have maintain our own repository for malicious IPs and domains as well as MD5 hashes as Indicators of COmpromise. How can I create IPS rule so that those MD5 hashes will be blocked using IPS? As well can we create IPS rule so that malicious domains will fetched from our URLs or compared thus blocked?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
So there is no way to block MD5 hashes on Fortinet using custom IPS signature?
http://help.fortinet.com/...0to%20their%20hash.htm
Great, very helpful pointer! You just can't read everything...
Now combine this with a script-creating script...though I guess if you need one signature per file you will run out of signatures soon.
edit: Not so soon in fact. The limit in FOS v5.4.4 is 256/512/1024 for desktop/medium/high-end FGTs. This is higher than it would make sense - to block more than just a handful of malware files you would consider a FortiSandbox or the FSA cloud.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1731 | |
1099 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.