How to upload and insert Snort rules to my Sophos Firewall X85?

Excuse me, how do I upload and insert Snort rules into my Sophos Firewall X85?

1. I have a Snort rules list as a .txt file, but I couldn't find a method to insert it. Do you support Snort rules?

2. I tried to use the API, like { https://<Sophos IP>:<port>/webconsole/APIController?reqxml=<Request><Login><Username>admin</Username><Password passwordform="encrypt">my password</Password></Login></Request> } but it failed. I thought the encrypted password was wrong because I used an unencrypted password. Where can I find it, and the API documentation with examples?

3. How do I convert the Snort rule txt format to the API XML format, or use the command line to use it?

Such as:
    alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"APP-DETECT TeamViewer remote administration tool outbound connection attempt"; flow:to_server; content:"client=DynGate"; fast_pattern:only; http_uri; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,en.wikipedia.org/wiki/TeamViewer; classtype:policy-violation; sid:34463; rev:1;)

  # alert tcp $HOME_NET any -> any   //not using rule

    alert udp $HOME_NET any -> any 53 (msg:"APP-DETECT DNS request for Dynamic Internet Technology domain dfgvx.com"; flow:to_server; byte_test:1,!&,0xF8,2; content:"|05|dfgvx|03|com|00|"; fast_pattern:only; metadata:policy security-ips drop, service dns; reference:url,wikipedia.org/wiki/Freegate; classtype:misc-activity; sid:27984; rev:1;)

 

 

 



This thread was automatically locked due to age.