Use the OpenSignatures page to write
pattern-matching signatures that detect specific threats to your Network
IPS appliance.
About this task
Navigating in the IPS Local Management Interface:
Navigating
in SiteProtector™ Management:
select the OpenSignature Events policy
Procedure
- Click the Add icon.
- Set the following:
Option |
Description |
Enabled |
Enables the rule. |
Comment |
Specifies a unique description for the rule. |
Rule String |
Specifies the criteria that the appliance monitors for as
it inspects traffic that could trigger the OpenSignature event. |
- Click OK.
- (Optional) Select the rule and click the Up or Down arrows
to place the rule in the order that you want it to process.
What to do next
For OpenSignatures to work, you must enable the OpenSignatures
parser on the Tuning Parameters page. See OpenSignature tuning parameters.