Network Security: Full IPS Rule List in WebAdmin
If I want to manually build a logging filter for an intrusion protection rule, currently I have to look up the IPS rule code in your online documentation, then enter that numeric code on the Astaro box. Fast forward a few months, when I look at my manual entry, if I want to know what I was up to with that rule, I have to go back to your online documentation and look up that numerical code to see what it was for. This is very crude.
It would be best to have an interface showing all the available IPS rules, and the explanation for each, with a proper means of selecting those for filtering protection.
Sascha Paris commented
Absolutely agree. There is actually no way to find out if a new widespread zero day exploit / vulnerability is around, if the IPS protects against it or not. Last sample was for example 0 day 1.7u10 (CVE-2013-0422)... And the latest update of the IPS pattern list under www.astaro.com lists is from Sept. 2012...
Please also enhance the list with the defined action for a SID (alert, drop) to find out which SIDs are informative, which dropped something.
charles sterling commented
Need to be able to extract data by rule or function (i.e. country block, etc.) so that all of one issue can be assessed w/o spending hours digging through a spreadsheet.