IDappcom PCAPs (Packet CAPture)
Our PCAP file contains the stream of data packets that computers send to each other on a network to communicate. Idappcom can provide unencrypted PCAPs that contain examples of malicious actors exploiting vulnerabilities which can be used to trigger our security rules, as well as ordinary benign traffic for configuration testing purposes.

 

IDappcom Traffic Files
Idappcom provide our PCAP files in a proprietary encrypted file format, KAR, which prevents overzealous virus scanners from inspecting and deleting them. These files are replayed using our TrafficIQ software, which can be used to determine the threat response of your corporate IDS and IPS (Intrusion Detection/Prevention Systems) as well as the routing configuration of your other networking infrastructure.

 

IDappcom Security Rules
Most of idappcom's PCAPs have one or more associated SNORT signatures. These 'security rules' are written in the standard SNORT syntax, and are used to detect the exact vulnerability contained in the traffic file. Our rules can be provided as a text file, or in a MSAccess database, and can be loaded straight into Snort compatible IDS and IPS system as is, requiring minimal additional configuration.

 

IDappcom Library
The complete Idappcom Library contains our full complement of PCAP/KAR files and SNORT security rules, and includes additional metadata describing each vulnerability (ie filename, threat name, description, publish date, CVSS scores, severity rating, attack type, category, impact, protocol, and other external references). It can be made available as a MS Access database, or via JSON API.

​

Why IDappcom Rules?

Our Rules are based on real live exploits, Expert Research, Intelligence, and Years of Experience

 

Accurate and appropriate Updates

Idappcom rules are researched by a dedicated team who prove the exploit exists, works and is in the wild, then they are published to select vendors to include in their device updates. We can assure you that not all rules are published by the vendors, mainly due to performance constraints, and not all vendors use our rules of course. So, to have complete peace of mind you need Idappcom rules management and our pen testing tools to reduce your risks.

​

The issue is defining and understanding the difference between actual exploits, and malware, versus blacklists. When you get that you can start to see the effectiveness of the rules against the usefulness of the blacklists. You need both, but you need to manage them both and not get into a numbers game.

​

Complete Intelligence

Our unmatched library of current and historical exploit information (over 21,000 actual proven exploits), is constantly updated with new PCAPs. It is this testing experience used by all the top IPS/NGFW vendors that gives us a complete platform for building our comprehensive detection and prevention rules. It is our IQ that provides the basis for the rules, and the feedback from the top vendors that helps us to hone those rules to perfection.

​

Thorough Coverage

In addition to offering the most complete exploit detection and prevention coverage, Idappcom includes protection against not just the exploitable vulnerabilities (as opposed to vulnerabilities that have no exploit!), but the many variants and morphing of those exploits making it a full-featured rule set. We do not try to guess what an exploit might look like for a vulnerability that really has no exploit. Just look at the informative CVE database and analyse how many CVEs have an exploit, not many.

​

Idappcom Rulesets work on SNORT®, and many other IDS platforms. With Idappcom you get truly thorough and comprehensive coverage trusted by the top IPS/NGFW vendors in the world.