About this task
In order for OpenSignatures to work, you must enable the
OpenSignature parser. For information about enabling the OpenSignature
parser and other OpenSignature tuning parameters, see OpenSignature tuning parameters.
Attention: IBM® Customer Support is not available to help
write or troubleshoot custom rules. If you require assistance to create
custom signatures, contact IBM Professional
Services.
These
rules detect specific threats that are not preemptively covered in
IPS products. This feature is integrated into the IBM Protocol Analysis Module (PAM) as a rule
interpreter.
Important: OpenSignatures require the content keyword
to function properly. If the OpenSignature rule is improperly formatted,
you might receive a PAM configuration error response.