Configuring OpenSignature rules

Use the OpenSignatures page to write pattern-matching signatures that detect specific threats for your Network IPS appliance.

About this task

Navigating in IPS Local Management Interface: Secure Protection Settings > Advanced IPS > OpenSignatures

Navigating in SiteProtector™ Management: select the OpenSignature Events policy

Procedure
  1. Click the Add icon.
  2. Set the following:
    Option Description
    Enabled Enables the rule.
    Comment Specifies a unique description for the rule.
    Rule String Specifies the criteria the appliance monitors for as it inspects traffic that could trigger the OpenSignature event.
  3. Click OK.
  4. (Optional) Select the rule and click the Up or Down arrows to place the rule in the order you want it to process.

What to do next

For OpenSignatures to work, you must enable the OpenSignatures parser on the Tuning Parameters page. See OpenSignature tuning parameters.