Intrusion Detection and Prevention
- Support for Perl-compatible regular expression (PCRE) version 8.40 (SRX Series and NFX Series)—Starting in Junos OS Release 21.1R1, we’ve upgraded the codebase of intrusion detection and prevention (IDP) from PCRE version 5.40 to PCRE version 8.40. As PCRE version 8.40 supports new regex constructs, this upgrade enhances the capability of Junos OS IDP attack signatures to match regular expressions. With this upgrade, we've also addressed security vulnerabilities in the Junos OS PCRE codebase.
[See pattern-pcre (Security IDP).]
- Support for Snort IPS signatures (SRX Series and NFX Series)—Starting in Junos OS Release 21.1R1, Juniper Networks IDP supports Snort IPS signatures. IDP secures your network by using signatures that help to detect attacks. Snort is an open-source intrusion prevention system (IPS). You can convert the Snort IPS rules into Juniper IDP custom attack signatures using the Juniper Integration of Snort Tool (JIST). These rules help detect malicious attacks.
  - JIST is included in Junos OS by default. The tool supports Snort version 2 and version 3 rules.
  - JIST converts the Snort rules with snort-ids into equivalent custom attack signatures on Junos OS with respective snort-ids as the custom attack names.
  - When you run the request command with Snort IPS rules, JIST generates set commands equivalent to the Snort IPS rules. Use the request security idp jist-conversion command to generate the set commands as CLI output. To load the set commands, use the load set terminal statement or copy and paste the commands in the configuration mode, and then commit. You can then configure the existing IDP policy with the converted custom attack signatures.
  - All the Snort IPS rule files that didn’t get converted are written to /tmp/jist-failed.rules. The error log files generated during the conversion are written to /tmp/jist-error.log.
  - To view the jist-package version, use the show security idp jist-package-version command.
[See Understanding Snort IPS Signatures, request security idp jist-conversion, and show security idp jist-package-version.]
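Because JIST names each converted custom attack after the rule's snort-id, a rule file can be checked before conversion and reconciled with the failed-rules file afterwards. The following Python sketch is an added example, not Juniper code and not part of JIST. It assumes /tmp/jist-failed.rules holds the unconverted rules as Snort rule text, and it flags duplicate sids on the assumption that they would map to the same custom attack name; the sample rules and function names are constructed.

```python
import re
from collections import Counter

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')                  # a quoted option value
SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
PCRE = re.compile(r'\bpcre\s*:\s*!?\s*"((?:\\.|[^"\\])*)"')

RULES = r'''
# Constructed sample rules (not from any published rule set).
alert tcp any any -> any 80 (msg:"Example URI pattern"; content:"/admin"; pcre:"/\/admin\/[a-z]+\.php/i"; sid:1000001; rev:1;)
alert tcp any any -> any 21 (msg:"Example multi-line rule"; \
    content:"USER"; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"sid:42; appears only inside a string"; content:"x";)
alert tcp any any -> any 25 (msg:"Reused id"; content:"HELO"; sid:1000001; rev:2;)
'''
# Constructed stand-in for the contents of /tmp/jist-failed.rules (format assumed).
FAILED = 'alert tcp any any -> any 21 (msg:"Example multi-line rule"; content:"USER"; sid:1000002; rev:1;)\n'

def iter_rules(text):
    """Yield logical rules: join backslash continuations, skip blanks and comments."""
    for line in re.sub(r"\\[ \t]*\r?\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def sid_of(rule):
    """Return the rule's sid, ignoring any 'sid:' text inside quoted strings."""
    m = SID.search(QUOTED.sub('""', rule))
    return int(m.group(1)) if m else None

def triage(rules_text, failed_text=""):
    """Summarise a rule file before conversion and reconcile it with failed rules."""
    counts, pcre, missing = Counter(), {}, []
    for rule in iter_rules(rules_text):
        sid = sid_of(rule)
        if sid is None:
            missing.append(rule)      # no snort-id, so no attack name to map to
            continue
        counts[sid] += 1
        pcre.setdefault(sid, []).extend(PCRE.findall(rule))
    failed = {s for s in map(sid_of, iter_rules(failed_text)) if s is not None}
    return {"missing_sid": missing,
            "duplicate_sid": sorted(s for s, n in counts.items() if n > 1),
            "pcre_by_sid": {s: p for s, p in pcre.items() if p},
            "failed_sid": sorted(failed)}

if __name__ == "__main__":
    for key, value in triage(RULES, FAILED).items():
        print(key, value)
```

The pcre_by_sid entry lists the rules that carry regular expressions, which are the ones worth re-testing after the PCRE 8.40 upgrade.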