About this task
In order for OpenSignatures to work, you must enable the
OpenSignature parser. For information about how to enable the OpenSignature
parser and other OpenSignature tuning parameters, see OpenSignature tuning parameters.
Attention: IBM® Support is not available to help write or
troubleshoot custom rules. If you need assistance with creating custom
signatures, contact IBM Professional
Services.
These
rules detect specific threats that are not preemptively covered in
IPS products. This feature is integrated into the IBM Protocol Analysis Module (PAM) as a rule
interpreter.
Important: OpenSignatures require the content keyword
to function properly. If the OpenSignature rule is improperly formatted,
you might receive a PAM configuration error response.