A collaboration of four senior members of the Cisco IPS signature team recently culminated in the public release of a guide on writing custom signatures for Cisco IPS, the #1 IPS platform of the Internet. The idea behind this move is to give our customers an easier way to develop their own signatures, allowing them to more easily discover and block unwanted traffic in their networks. At the same time it helps in understanding existing signatures written by members of the IPS signature team.
While the current release of the guide should be a great start for aspiring signature developers, we do know it’s not complete, and it will probably never fully cover the art of writing high quality signatures. What we are looking forward to is feedback from all of you on sections that are unclear, or even missing. Tell us what else you would like to see covered in this guide, be it details on using other engines, combining several partial signatures into one highly effective attack-stopper, or anything else related to the development of IPS signatures.
Here’s the link:
Writing Custom Signatures for the Cisco Intrusion Prevention System