An alchemists view from the bar

Network Security Alchemy

Archive for October 2009

Sourcefire Quick Tip: Custom RNA Service Detection

with 2 comments

As part of my Sourcefire “Quick Tip” series, a new video has been uploaded by our marketing guru’s to YouTube.

This time I ramble on about creating custom service detectors for Sourcefire’s RNA engine. This allows you to detect the network applications  in use on your network and track them in the context of IPS events, real-time network change detection, Service and host white-listing as well as general network mapping.

I hope it’s of use to you out there. I haven’t got my next quick-tip subject planned yet, so if anyone has a suggestion please let me know.

RNA Custom Services

Adding RNA Custom Services

If you would like to learn more about RNA, take a read here.



Written by leonward

October 26, 2009 at 11:55 am

Posted in Sourcefire

Sourcefire Quick Tip: Host Input API and HippiEd

with one comment

The on-line marketing team over at Sourcefire’s world domination HQ asked me to throw together some content for our Facebook / Youtube pages.

The result is a series of video quick tips showing some rarely talked about features of Sourcefire’s products. The first video is now available on the Youtube channel and Facebook page. The tool mentioned is available here.



Expect a few more over the next couple of weeks.


Written by leonward

October 14, 2009 at 8:41 am

Posted in Security, Sourcefire