issPolicy 1.01 review
Download
|
|
issPolicy is a free open-source utility for converting an ISS RealSecure Network Sensor and ISS Proventia Inline Appliance Policy to a static HTML file.
Written in Perl, issPolicy allows for granular parsing of ISS RSNS and ISS Proventia policies (also refer to the "support" section), and supports a wide variety of features (see "features" section) allowing the HTML generation to be customized based on different policy parameters.
Here are some key features of "issPolicy":
issPolicy automatically detects whether the policy is a ISS RealSecure Network Sensor or ISS Proventia Inline Appliance policy and generates a static HTML file based on the policy type and its features.
issPolicy extracts the following information from the ISS RealSecure Network Sensor Policy:
Signatures Policy (Signature Name, Signature Description, Signature Status, Signature Priority, Configured Responses, Logging Type)
IP Filters Policy (Filter Name, Filter Description, Filter Status, Protocol, Source Address, Source Port, Destination Address, Destination Port)
Event Filters Policy (Filter Name, Filter Description, Filter Status, Filtered Event, Source Address, Source Port, Destination Address, Destination Port)
issPolicy extracts the following information from the ISS Proventia Inline Appliance Policy:
Signatures Policy (Signature Name, Signature Description, Signature Status, Signature Priority, Configured Responses, Logging Type, Drop Options, DynamicBlock Options)
IP Filters Policy (Filter Name, Filter Description, Filter Status, Protocol, Source Address, Source Port, Destination Address, Destination Port)
Event Filters Policy (Filter Name, Filter Description, Filter Status, Filtered Event, Source Address, Source Port, Destination Address, Destination Port)
issPolicy contains various useful options allowing for a tailored HTML Policy file to be generated, based on one or more of the following criteria:
Signature Policy Criteria:
Whether signature is enabled or disabled
Based on signature priority (High, Medium, or Low)
Whether drop is enabled [only on ISS Proventia Inline Appliance Policies]
Based on drop options (ConnectionWithReset, Connection, or Packet) [only on ISS Proventia Inline Appliance Policies]
Whether dynamicblock is enabled [only on ISS Proventia Inline Appliance Policies]
Based on dynamicblock options (IsolateTrojan, BlockWorm, BlockIntruder) [only on ISS Proventia Inline Appliance Policies]
IP Filter Policy Criteria:
Whether IP filter is enabled or disabled
Event Filter Policy Criteria:
Whether Event Filter is enabled or disabled
issPolicy uses an "API" structured format, pushing the entire policy to hash arrays, allowing the possibility for other output methods to be developed (CSV, XML, etc...)
issPolicy 1.01 keywords