
Custom IPS rules for Log4Shell CVE-2021-44228

Hoping for some help on this one.  If anyone is familiar with how to create custom IPS rules in Sophos XG...

I know there are some IPS rules already for this CVE, but I saw on our web server that the pattern is changing.

How can I make a custom rule that will block something like this that's being seen in IIS logs?

${jndi:${lower:l}${lower:d}a${lower:p}

I'm not sure of the syntax needed to put that into the firewall. Also, I couldn't really tell what patterns the other 3 IPS rules are using.

Some step-by-step instructions would be good and would probably help out others as well.

Thanks!
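
Added example, not part of the original post and not Sophos IPS rule syntax: a log-side check that collapses the nested `${lower:...}` lookups shown above before looking for `${jndi:`, so a changing pattern still matches. The function names and the IIS-style sample lines are constructed for illustration; handling `${upper:...}` the same way is an assumption beyond what the post shows.

```python
import re
from urllib.parse import unquote

# Log4j case lookups: ${lower:X} / ${upper:X} evaluate to X in that case.
CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
JNDI_START = re.compile(r"\$\{jndi:", re.IGNORECASE)

def _collapse(match):
    """Replace one case lookup with the text it would evaluate to."""
    kind, value = match.group(1).lower(), match.group(2)
    return value.lower() if kind == "lower" else value.upper()

def normalize(text, max_passes=10):
    """URL-decode, then collapse case lookups until the text stops changing."""
    text = unquote(text)
    for _ in range(max_passes):  # bounded, so hostile nesting cannot loop forever
        collapsed = CASE_LOOKUP.sub(_collapse, text)
        if collapsed == text:
            break
        text = collapsed
    return text

def is_suspicious(line):
    """True if the normalized line contains the start of a JNDI lookup."""
    return bool(JNDI_START.search(normalize(line)))

def scan(lines):
    """Return (line_number, line) for every non-comment line that matches."""
    return [(n, line) for n, line in enumerate(lines, 1)
            if not line.startswith("#") and is_suspicious(line)]

# Constructed sample in W3C/IIS layout; the fragment is the one quoted in the post.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status
2021-12-14 10:01:02 GET /index.html - 200
2021-12-14 10:01:05 GET / x=${jndi:${lower:l}${lower:d}a${lower:p} 404
2021-12-14 10:01:09 GET / x=$%7Bjndi:$%7Blower:l%7D$%7Blower:d%7Da$%7Blower:p%7D 404
2021-12-14 10:01:11 GET /search q=lower:case 200
"""

if __name__ == "__main__":
    for number, line in scan(SAMPLE_LOG.splitlines()):
        print(f"line {number}: {normalize(line)}")
```

Matching on the opening `${jndi:` after normalization, rather than on a fixed protocol string, means the check does not depend on how the rest of the lookup is written.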


