Configuring shared tuning

Use the Shared Tuning tab on your Network IPS appliance to list tuning parameters to ignore as protection against specific signatures: Client-Side attacks, Injection attacks, Malicious File Execution, and Cross-Site Request Forgery.

About this task

Navigating in IPS Local Management Interface: Secure Protection Settings > Security Modules > Web Application Protection

Navigating in SiteProtector™ Management: select the Web Application Protection policy

Use this page to reduce unwanted security alerts about valid web application requests. Enter the keyword or parameter name from the web application request. If the appliance detects the parameter name, it ignores it and does not create a security alert.

The parameter names entered on this page depend upon the network environment. Some common parameter names are foo, id, and arg. If you would like to analyze common parameter names found on your network, see Review Analysis and Diagnostics > Logs > Security Alerts. Within the alert details of detected web application security attacks, find the parameter name indicated by field:<keyword>.

Important: You cannot assign these signatures to a custom protection domain. They are automatically assigned to the global protection domain. In turn, SiteProtector heartbeats the WAP policy with the global shared tuning parameters to all the Network IPS appliances it manages.
Procedure
  1. Click the appropriate tab of the protection category you want to tune.
    Important: Before you modify any of the settings in Injection Attacks Tuning, please contact IBM® Security Support. See General support.
  2. Click the Add icon.
  3. In the Add window, type the appropriate parameter name.
  4. Click OK.
  5. (In only SiteProtector) import parameters from AppScan® if available.
    Remember: Like all parameters on the Shared Tuning tab, the appliance assigns parameters imported from AppScan to the global protection domain. SiteProtector heartbeats the WAP policy with the new global AppScan parameters to all the Network IPS appliances it manages.