Example custom IPS signatures

There is a section in the online help to write your own IPS signatures.

https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/IPSCustomPatternSyntax.html

Hi. Thanks for the reply. Yes I saw the patterns but I was more interested in seeing some examples, particular the ones than come as part of the default WAN->LAN setup. Because we've had some seemingly SQL injections that don't seem to have been detected so I was looking to see the default signatures as possible templates for our own.

Hi. Thanks for the reply. Yes I saw the patterns but I was more interested in seeing some examples, particular the ones than come as part of the default WAN->LAN setup. Because we've had some seemingly SQL injections that don't seem to have been detected so I was looking to see the default signatures as possible templates for our own.

Hi,

is this server open to the internet via a WAF rule or purely internal? If internal you are using the wrong IPS policy you should be using LAN-WAN policy.

Ian

Hi,

It's a publicly available server open to the internet, with us configuring the IPS part of the firewall rule for the server as WAN->LAN.

 Dave

OK so I think I may be able to use https://www.snort.org/downloads/#rule-downloads as a source of some examples.

Thanks for replies.