SCADA IPS signatures

santonic · ‎08-03-2016

How do I get SCADA signatures to my device?

In FortiGuard (https://fortiguard.com/encyclopedia) i can find some SCADA related IPS signatures.

But on my device I can't find any. I have IPS updated to the laest version and "Use extended IPS signature package" enabled.

What am I missing?

pcraponi · ‎08-03-2016

Hi,

[Using FortiOS 5.2.8] Menu: Security Profiles -> Intrusion Protection -> edit some profile -> on Filter Options click on ADVANCED -> On the new Application menu click on [Show more...] -> you will see "SCADA" filter. Disable all and let only SCADA to see the signatures.

Regards

Paulo R.

Regards, Paulo Raponi

santonic · ‎08-03-2016

Thank you for your answer. But on FortiOS 5.4.1 i can't find these filter options and 'advanced' option.

When I am editing IPS profiles i have sections "IPS signatures" (to add/change individual signatures) and "IPS Filters" (to work with filters). But when I try adding filter I have no 'advanced' option. If I chose modbus as protocol i have no signature, if i choose SCADA as application i have 2 signatures (both without SCADA string in name). While on FortiGuard list i can find about 30 signatures.

pcraponi · ‎08-03-2016

Create a new Filter inside the Profile. On Filter Edit, click on Add Filter and Application. Now you will see SCADA with 154 signatures:

https://s31.postimg.org/uddldc6ij/scada.jpg

Regards,

Paulo R.

Regards, Paulo Raponi

tom1o · ‎09-20-2016

Update FortiOS Update latest Next Gen. signatures

Im using Forti OS 5.2 and i got signatures from 104 channel which a Scada function is in my appliance.

SCADA IPS signatures

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website