Use these tuning parameters to enable the OpenSignature parser, to configure OpenSignature responses, and to enable and configure OpenSignature throttling.
Navigating in the IPS Local Management Interface:
Navigating in SiteProtector™ Management: select the Tuning Parameters policy
Enable the OpenSignature parser to integrate the parser into PAM. When you enable the parser, the appliance processes your OpenSignature rules from the OpenSignatures page.
Parameter | Type | Default Value | Description |
---|---|---|---|
engine.opensignature.enabled | Boolean | True | Enables the OpenSignature parser. |
Parameter | Type | Default Value | Description |
---|---|---|---|
np.opensignature.user.response | String | DISPLAY:WithoutRaw | Defines the notification responses
for OpenSignature rules. Valid notification responses are:
Example: np.opensignature.user.response=DISPLAY:WithouRaw,EMAIL:<myEmail>
|
np.opensignature.response | String | None | Defines the protection responses for
OpenSignature rules. Valid protection responses are:
Example: np.opensignature.response=block
|
np.opensignature.quarantine.rule | String | None | Defines the quarantine parameters for
the quarantine response. This parameter is only valid if the quarantine-traffic response
is defined as part of the np.opensignature.response parameter. Valid
quarantine rule parameters are:
Example:
|
Enable throttling for OpenSignatures to control how the appliance reports duplicate OpenSignature events to IPS Local Management Interface and to SiteProtector.
Parameter | Type | Default Value | Description |
np.opensignature.throttle.time | Number | 0 | Enables throttling for OpenSignature rules and specifies the number of seconds to suppress the reporting of duplicate OpenSignatures. |