Use these tuning parameters for enabling the OpenSignature parser, for configuring OpenSignature responses, and for enabling and configuring OpenSignature throttling.
Navigating in IPS Local Management Interface:
Navigating in SiteProtector™ Management: select the Tuning Parameters policy
Enable the OpenSignature parser to integrate the parser into PAM. When you enable the parser, the appliance processes your OpenSignature rules from the OpenSignatures page.
Parameter | Type | Default Value | Description |
---|---|---|---|
engine.opensignature.enabled | Boolean | True | Enables the OpenSignature parser. |
Parameter | Type | Default Value | Description |
---|---|---|---|
np.opensignature.user.response | String | DISPLAY:WithoutRaw | Defines the notification responses for OpenSignature rules. Valid notification responses are:
Example: np.opensignature.user.response=DISPLAY:WithouRaw,EMAIL:<myEmail>
|
np.opensignature.response | String | None | Defines the protection responses for OpenSignature rules. Valid protection responses are:
Example: np.opensignature.response=block
|
np.opensignature.quarantine.rule | String | None | Defines the quarantine parameters for the quarantine response. This parameter is only valid if the quarantine-traffic response is defined as part of the np.opensignature.response parameter. Valid
quarantine rule parameters are:
Example:
|
Enable throttling for OpenSignatures to control how the appliance reports duplicate OpenSignature events to IPS Local Management Interface and to SiteProtector.
Parameter | Type | Default Value | Description |
np.opensignature.throttle.time | Number | 0 | Enables throttling for OpenSignature rules and specifies the number of seconds to suppress the reporting of duplicate OpenSignatures. |