Configuring OpenSignatures

Use the OpenSignatures events feature on your Network IPS appliance to write customized, pattern-matching signatures using a flexible rules language.

About this task

In order for OpenSignatures to work, you must enable the OpenSignature parser. For information about enabling the OpenSignature parser and other OpenSignature tuning parameters, see OpenSignature tuning parameters.

Attention: IBM® Customer Support is not available to help write or troubleshoot custom rules. If you require assistance to create custom signatures, contact IBM Professional Services.
These rules detect specific threats that are not preemptively covered in IPS products. This feature is integrated into the IBM Protocol Analysis Module (PAM) as a rule interpreter.
Important: OpenSignatures require the content keyword to function properly. If the OpenSignature rule is improperly formatted, you might receive a PAM configuration error response.