How to View IPS Rule IDs included in Default IPS Rules?

Question

Having received a warning from Sophos regarding For CVE-2022-22963 we were advised to check that the IPS rule 2306989 is added to our policy. 
 
 Some of our rules use custom IPS policies, whereas others use the default ones, i.e. "LAN TO WAN" etc. 
 
 Having clicked into the Default options, it doesn't appear that you can then go into the individual categories and browse the included IPS rules. The custom IPS Policies do allow you to click into the individual setting and browse the rules and their associated ID's however. 
 
 Is there something I'm missing? It is dangerous to assume that this rule will already be included, and I'd like to be certain. 
 
 Many Thanks!

emmosophos · Accepted Answer

Hello Patrick, 
 Yes, you can go to System >> Backup & Firmware >> Pattern updates. There you will find IPS and Application signatures. 
 Regards,

emmosophos · Answer

Hello Patrick, 
 Thank you for contacting the Sophos Community. 
 The CVE was addressed on the Signature Pack x.19.15. 
 I am not sure though if you can check individually on each pre defined IPS rule, however for example each IPS has a Category, Severity, Platform, Target, 
 You could match the information on the signature 
 
 and then go to the Predifined IPS and match, for example the WAN to LAN IPS, has the Web Service signatures enabled, and this one matches the Category server-other, which matches the IPS. 
 
 Regards,

How to View IPS Rule IDs included in Default IPS Rules?

Top Replies