request security idp jist-conversion
Syntax
request security idp jist-conversion <input-file> <output-file>
Description
Use the request security idp jist-conversion command to generate the set commands. The set commands are displayed as the CLI output.
Juniper Integration of Snort Tool (JIST) is a tool that converts Snort IPS rules into Juniper IDP custom attack signatures. JIST is included in Junos OS by default. The tool supports Snort version 2 and version 3 rules. JIST converts the Snort rules with snort-ids into equivalent custom attack signatures on Junos, using the respective snort-ids as the custom attack names, and generates set commands equivalent to the Snort IPS rules. To load the set commands, use the load set terminal statement, or copy the commands and paste them in configuration mode, and then commit. You can then configure the existing IDP policy with the converted custom attack signatures.
Snort IPS rule files that are not converted are placed at /tmp/jist-failed.rules. The error log files generated during the conversion are placed at /tmp/jist-error.log.
Options
Input-file (Mandatory): Specifies the pathname of the Snort file that needs to be processed. For example, /var/tmp/snort_rule.rules.
Output-file (Optional): Writes the set commands into a file. You can load the set commands using the load set <output-file> configuration statement.
Required Privilege Level
maintenance
Output Fields
When you enter this command, you are provided feedback on the status of your request.
Sample Output
request security idp jist-conversion
user@host> request security idp jist-conversion input-file /var/preserve/s.rules
set security idp custom-attack TCP-SNORT-77600859 severity minor
set security idp custom-attack TCP-SNORT-77600859 attack-description "Backdoor.BEACON"
set security idp custom-attack TCP-SNORT-77600859 attack-type chain member m01 attack-type signature context stream
set security idp custom-attack TCP-SNORT-77600859 attack-type chain member m01 attack-type signature direction server-to-client
set security idp custom-attack TCP-SNORT-77600859 attack-type chain member m01 attack-type signature content pattern "<meta name=\"msvalidate\.01\" content=\"ECEE9516DDABFC7CCBBF1EACC04CAC20\">"
set security idp custom-attack TCP-SNORT-77600859 attack-type chain member m02 attack-type signature context stream
set security idp custom-attack TCP-SNORT-77600859 attack-type chain member m02 attack-type signature direction server-to-client
set security idp custom-attack TCP-SNORT-77600859 attack-type chain member m02 attack-type signature content pattern "<meta name=\"google-site-verification\" content=\"CD5EF1FCB54FE29C838ABCBBE0FA57AE\">"
set security idp custom-attack TCP-SNORT-77600859 attack-type chain protocol-binding tcp minimum-port 1 maximum-port 65535
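Because load set applies every statement in the file, the generated commands are worth reviewing off-box before they are loaded and committed. The following is an added example, not Juniper code: a Python sketch that summarizes each converted custom attack and rejects any line outside the custom-attack statement forms shown in the sample output. The function name review, the shortened pattern, and the final sample line are constructed for illustration.

```python
import shlex
from collections import defaultdict
PREFIX = ["set", "security", "idp", "custom-attack"]

# Constructed sample modelled on the sample output above (pattern shortened);
# the last line is a constructed statement outside the custom-attack hierarchy.
SAMPLE = r'''
set security idp custom-attack TCP-SNORT-77600859 severity minor
set security idp custom-attack TCP-SNORT-77600859 attack-description "Backdoor.BEACON"
set security idp custom-attack TCP-SNORT-77600859 attack-type chain member m01 attack-type signature context stream
set security idp custom-attack TCP-SNORT-77600859 attack-type chain member m01 attack-type signature direction server-to-client
set security idp custom-attack TCP-SNORT-77600859 attack-type chain member m01 attack-type signature content pattern "<meta name=\"msvalidate\.01\">"
set security idp custom-attack TCP-SNORT-77600859 attack-type chain protocol-binding tcp minimum-port 1 maximum-port 65535
set system host-name changed
'''

def review(text):
    """Return (attacks, rejected): per-attack summary and lines not to load."""
    attacks = defaultdict(lambda: {"members": defaultdict(dict)})
    rejected = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            tok = shlex.split(line)   # honours "..." quoting and \" escapes
        except ValueError:            # unbalanced quote: treat as unusable
            tok = []
        rest = tok[5:]                # statement after the custom attack name
        if tok[:4] != PREFIX or len(rest) < 2:
            rejected.append((lineno, line))
        elif rest[0] in ("severity", "attack-description"):
            attacks[tok[4]][rest[0]] = rest[1]
        elif (rest[:3] == ["attack-type", "chain", "member"] and len(rest) >= 8
              and rest[4:6] == ["attack-type", "signature"]):
            key = "pattern" if rest[6:8] == ["content", "pattern"] else rest[6]
            attacks[tok[4]]["members"][rest[3]][key] = rest[-1]
        elif rest[:3] == ["attack-type", "chain", "protocol-binding"]:
            attacks[tok[4]]["protocol-binding"] = " ".join(rest[3:])
        else:
            rejected.append((lineno, line))
    return attacks, rejected

if __name__ == "__main__":
    attacks, rejected = review(SAMPLE)
    print({name: dict(a["members"]) for name, a in attacks.items()})
    print("rejected:", rejected)
```
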
Release Information
Command introduced in Junos OS Release 21.1R1.