Intrusion Detection Rules in True Protection
Updated Jun 5, 2026
The Intrusion Detection System (IDS) in True Protection by Jag inspects network traffic for patterns that indicate an attack in progress, from reconnaissance scans to exploit attempts and malware command-and-control traffic. It combines signature-based matching with behavioral detection so that both known and previously unseen attacks can be identified.
Detection Methods
- Signature-Based Detection: Compares network traffic against a database of known attack signatures. Effective against well-documented exploits and known malware communication patterns; it cannot, by itself, detect an attack for which no signature exists yet.
- Anomaly Detection: Uses JagAI to establish a baseline of normal network behavior and alerts on significant deviations that could indicate new or unknown attacks. Expect more alerts during the baselining period and after legitimate changes to the network.
- Protocol Analysis: Inspects network protocols (HTTP, DNS, SMTP, FTP, SMB) for protocol violations and malformed packets that often accompany exploit attempts.
- Heuristic Rules: Custom rules that combine multiple indicators to detect complex attack patterns that no single signature would catch.
Managing IDS Rules
- Step 1: Navigate to Network > Intrusion Detection.
- Step 2: Browse rules by category: Exploit Detection, Malware Traffic, Policy Violations, Reconnaissance, and Custom.
- Step 3: Enable or disable individual rules or entire categories.
- Step 4: Adjust rule severity and action (Alert Only, Alert and Block, or Silent Log). Use Alert Only first for any rule you have not yet seen fire on your own traffic; switch to Alert and Block only once you are confident it does not match legitimate traffic, since a blocking rule that matches too broadly disrupts service.
Custom Rules
Advanced users can write custom IDS rules using the Suricata-compatible rule syntax. Navigate to Network > Intrusion Detection > Custom Rules to add your own detection rules. True Protection validates custom rules before activation to prevent syntax errors from disrupting network operations. Validation catches malformed rules, not noisy ones: a rule that parses correctly can still match legitimate traffic, so test new custom rules with the Alert Only action before assigning Alert and Block.
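The kind of pre-activation check the paragraph describes can be illustrated with a small linter for Suricata-style rules. This is an added example, not True Protection's own validator or any Suricata code; the sample rules, the message texts, and the domain `c2.example` are constructed for the demonstration, and `$HOME_NET` / `$EXTERNAL_NET` are the usual Suricata address variables. It parses the rule header (action, protocol, addresses, ports, direction), splits the option body on semicolons while respecting quoted strings, and flags the mistakes a first-time rule author most often makes: a missing `sid`, `msg` or `rev`, a `sid` outside the range conventionally reserved for local rules, an unquoted message, and a rule with no `content`/`pcre` keyword that would fire on every packet matching its header.

```python
"""Linter for Suricata-style IDS rules (added example; not True Protection code)."""
import re

ACTIONS = {"alert", "drop", "pass", "reject", "rejectsrc", "rejectdst", "rejectboth"}
PROTOCOLS = {"tcp", "udp", "icmp", "ip", "http", "dns", "tls", "smtp", "ftp", "smb", "ssh"}
REQUIRED = ("msg", "sid", "rev")
MATCH_KEYWORDS = {"content", "pcre"}
LOCAL_SID_MIN, LOCAL_SID_MAX = 1_000_000, 1_999_999  # range conventionally reserved for local rules

# Header layout: action proto src sport dir dst dport (options)
HEADER_RE = re.compile(
    r"^\s*(?P<action>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$",
    re.S,
)

# Constructed sample rules: two well-formed ones and three with typical mistakes.
RULES = {
    "http_traversal": (
        'alert http $EXTERNAL_NET any -> $HOME_NET any '
        '(msg:"CUSTOM Directory traversal attempt in URI"; flow:established,to_server; '
        'http.uri; content:"../"; classtype:web-application-attack; sid:1000001; rev:1;)'
    ),
    "dns_lookup": (
        'alert dns $HOME_NET any -> any 53 '
        '(msg:"CUSTOM DNS lookup for constructed test domain"; dns.query; '
        'content:"c2.example"; nocase; sid:1000002; rev:1;)'
    ),
    "missing_sid": 'alert tcp any any -> $HOME_NET 22 (msg:"CUSTOM Inbound SSH connection"; flow:to_server;)',
    "foreign_sid": (
        'alert tcp $EXTERNAL_NET any -> $HOME_NET 445 '
        '(msg:"CUSTOM SMB probe from outside"; flow:to_server; content:"|ff|SMB"; sid:2001; rev:1;)'
    ),
    "bad_header": 'alert http any -> any (msg:"CUSTOM broken header"; sid:1000003; rev:1;)',
}


def split_options(body):
    """Split the option body on ';' while leaving ';' inside double quotes intact."""
    parts, buf, in_quote, prev = [], [], False, ""
    for ch in body:
        if ch == '"' and prev != "\\":
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        prev = ch
    tail = "".join(buf).strip()
    if tail:
        parts.append(tail)
    return [p for p in parts if p]


def parse_rule(line):
    """Return (header dict, [(keyword, value-or-None), ...]); raise ValueError on a bad header."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("header does not match 'action proto src sport dir dst dport (options)'")
    options = []
    for item in split_options(m.group("opts")):
        key, _, val = item.partition(":")  # split at the first ':' only; values may contain ':'
        options.append((key.strip(), val.strip() or None))
    return m.groupdict(), options


def lint_rule(line):
    """Return a list of problems found; an empty list means the rule passed every check."""
    try:
        header, options = parse_rule(line)
    except ValueError as e:
        return [str(e)]
    problems = []
    if header["action"] not in ACTIONS:
        problems.append(f"unknown action {header['action']!r}")
    if header["proto"] not in PROTOCOLS:
        problems.append(f"unknown protocol {header['proto']!r}")
    keys = [k for k, _ in options]
    for req in REQUIRED:
        if req not in keys:
            problems.append(f"missing required option {req!r}")
    values = dict(options)  # last occurrence wins; fine for the single-valued keywords checked here
    if keys.count("sid") > 1:
        problems.append("sid given more than once")
    sid = values.get("sid")
    if sid is not None:
        if not sid.isdigit():
            problems.append(f"sid must be numeric, got {sid!r}")
        elif not LOCAL_SID_MIN <= int(sid) <= LOCAL_SID_MAX:
            problems.append(f"sid {sid} is outside the local range {LOCAL_SID_MIN}-{LOCAL_SID_MAX}")
    msg = values.get("msg")
    if msg is not None and not (len(msg) >= 2 and msg[0] == msg[-1] == '"'):
        problems.append("msg value must be double-quoted")
    if not MATCH_KEYWORDS & set(keys):
        problems.append("no content/pcre keyword: the rule fires on every packet matching the header")
    return problems


if __name__ == "__main__":
    for name, rule in RULES.items():
        result = lint_rule(rule)
        print(f"{name}: {'OK' if not result else '; '.join(result)}")
```

Running the module lints each sample: the two well-formed rules pass, `missing_sid` is reported for the absent `sid` and `rev` and for having no match keyword, `foreign_sid` is flagged for using a sid below the local range, and `bad_header` is rejected before any option is examined. The last check is the one worth keeping in mind when choosing the Alert and Block action: a header-only rule is syntactically valid and will be accepted, yet it matches every flow to that port.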