1 Reply Latest reply on Jan 9, 2012 1:22 AM by rangerlj

    Sharing HIPS Signatures based on high profile threats

      Hey Everyone,

       

      I was curious to see if anyone knows of any good online resources for sharing/posting HIPS signatures based on some of the more high profile attacks. For example, we can look at a recent attack with Adobe PDF (CVE-2011-2462) and it dropped files (Pretty.exe and easy.exe) in the temp folder. Creating HIPS rules for this activity to log or block is very beneficial depending on who you are defending.

       

      If you have resources for creating HIPS signatures for some of the high profile threats, please let me know (I realize making HIPS rules for all attacks isn't feasible). I am looking to ramp up HIPS signature creation, so if you are interested in benefiting from HIPS sigs created from threat intel in the future, please let me know. Maybe we can set up some way to share lessons learned/a Sticky thread on this forum.

       

      Food for thought, please let me know what you think.

       

      Thanks!

       

      Message was edited by: amcnic1 on 1/7/12 11:09:13 PM CST