neuvector / neuvector

Apache License 2.0

Neuvector support for dynamically updating its signatures #335

Open udith6415 opened 2 years ago

udith6415 commented 2 years ago

Is your feature request related to a problem? Please describe. Since NeuVector is doing analysis based on DPI (Deep Packet Inspection) technologies, is there any way to accommodate external feeds like Snort, Suricata, ET rulesets as WAF/DLP regexes?

This would enable NeuVector to act as an IDPS based on these feeds, which are periodically updated to address newer exploitations, while protecting workloads proactively with its own capabilities.

DilanUA commented 2 years ago

@jayhuang-suse @becitsthere @garyduan

DilanUA commented 2 years ago

@jayhuang-suse @becitsthere @garyduan Any update on this?

garyduan commented 2 years ago

The DPI function is capable of supporting the function and we have thought about the options. The decision is that in order to put this in the roadmap, we need more concrete user requirements.

udith6415 commented 2 years ago

@garyduan as per my knowledge, most of the open-source network security devices/software use rulesets and implementations such as Snort (single-threaded) or Suricata (multi-threaded) or ET rulesets (Proofpoint's) in order to cater for IDS/IPS capabilities [1][2][3]. Basically these rules get updated periodically in order to address new threats. Having this kind of integration would allow NeuVector to address newer threats without users manually re-engineering regexes, as well as enable rules to get automatically fine-tuned if there are false positives. Having this would be a competitive advantage for NeuVector given its unique way of WAF implementation based on Deep Packet Inspection.

[1] https://docs.opnsense.org/manual/ips.html
[2] https://docs.netgate.com/pfsense/en/latest/packages/snort/index.html
[3] https://documentation.wazuh.com/current/proof-of-concept-guide/integrate-network-ids-suricata.html
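To make the request concrete, here is a sketch of the translation step it implies: taking a Snort/Suricata-style rule and turning its `content:` and `pcre:` options into a set of regexes that a payload inspector could evaluate. This is an added example written for this thread, not NeuVector code and not a NeuVector API; the rule, payloads and function names (`compile_rule`, `matches`) are constructed for illustration, and rule options other than `msg`, `sid`, `content`, `nocase` and `pcre` (flow, buffer selectors, depth/offset, and so on) are deliberately not modelled.

```python
import re

# Constructed Snort-style rule for the example (not from any real ruleset).
# content with |..| hex bytes plus nocase, and a pcre option, show the two
# matcher kinds the feature request would need to map onto WAF/DLP regexes.
RULE = (
    r'alert tcp any any -> any 80 (msg:"EXAMPLE constructed rule"; '
    r'content:"GET"; content:"/admin/|2E 2E|/"; nocase; '
    r'pcre:"/[?&]cmd=[a-z]+/i"; sid:1000001; rev:1;)'
)

PCRE_FLAGS = {"i": re.IGNORECASE, "s": re.DOTALL, "m": re.MULTILINE}


def split_options(option_body):
    """Split 'name:value; name; ...' into (name, value) pairs, honouring quotes."""
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in option_body:
        if escaped:
            cur.append(ch)
            escaped = False
            continue
        if ch == "\\" and in_quote:
            cur.append(ch)
            escaped = True
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            opts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    if "".join(cur).strip():
        opts.append("".join(cur).strip())
    pairs = []
    for opt in opts:
        name, _, value = opt.partition(":")
        pairs.append((name.strip(), value.strip() or None))
    return pairs


def decode_content(value):
    """Turn a content option into (literal_bytes, negated); |2E 2E| is hex."""
    text = value.strip()
    negated = text.startswith("!")
    if negated:
        text = text[1:].strip()
    text = text[1:-1]  # drop the surrounding quotes
    out = bytearray()
    for i, seg in enumerate(text.split("|")):
        if i % 2 == 1:  # inside pipes: hex byte values
            out += bytes.fromhex(seg.replace(" ", ""))
        else:           # literal text; undo Snort's \" \; \\ escapes
            out += re.sub(r"\\(.)", r"\1", seg).encode("latin-1")
    return bytes(out), negated


def decode_pcre(value):
    """Turn a pcre:"/body/flags" option into (compiled_regex, negated)."""
    text = value.strip()
    negated = text.startswith("!")
    if negated:
        text = text[1:].strip()
    text = text[1:-1]  # drop the surrounding quotes
    body, _, flags = text.rpartition("/")
    re_flags = 0
    for flag in flags:
        # Snort buffer-selection flags (U, P, ...) have no regex meaning here
        re_flags |= PCRE_FLAGS.get(flag, 0)
    return re.compile(body[1:].encode("latin-1"), re_flags), negated


def compile_rule(rule):
    """Compile one rule into msg, sid and a list of [regex, negated] matchers."""
    _header, _, rest = rule.partition("(")
    option_body = rest[: rest.rindex(")")]
    compiled = {"msg": None, "sid": None, "matchers": []}
    for name, value in split_options(option_body):
        if name == "msg":
            compiled["msg"] = value.strip('"')
        elif name == "sid":
            compiled["sid"] = int(value)
        elif name == "content":
            literal, negated = decode_content(value)
            compiled["matchers"].append([re.compile(re.escape(literal)), negated])
        elif name == "nocase":
            # modifier: applies to the most recent content matcher
            pat, negated = compiled["matchers"][-1]
            compiled["matchers"][-1] = [re.compile(pat.pattern, re.IGNORECASE), negated]
        elif name == "pcre":
            compiled["matchers"].append(list(decode_pcre(value)))
    return compiled


def matches(compiled, payload):
    """All matchers must agree (negated ones must NOT match) for the rule to fire."""
    return all(bool(pat.search(payload)) != negated for pat, negated in compiled["matchers"])


if __name__ == "__main__":
    rule = compile_rule(RULE)
    for payload in (b"GET /ADMIN/../?cmd=status HTTP/1.1\r\n", b"GET /index.html HTTP/1.1\r\n"):
        print(rule["sid"], rule["msg"], "->", matches(rule, payload))
```

The point of the sketch is what a feed integration would have to get right beyond regex translation: content matchers carry hex escapes and per-matcher modifiers, pcre flags include buffer selectors that only make sense once the engine knows which protocol field it is inspecting, and a rule only fires when every matcher agrees, so converting a feed into independent WAF regexes would change its semantics unless the AND across matchers is preserved.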