Viewing The Signature List; Viewing Attack Descriptions - Fortinet FortiGate FortiGate-50R Installation And Configuration Manual

Network Intrusion Detection System (NIDS)

FortiGate-50R Installation and Configuration Guide

Viewing the signature list

To display the current list of NIDS signature groups and to view the members of a signature group:

1. Go to NIDS > Detection > Signature List.
2. View the names and action status of the signature groups in the list.
   The NIDS detects attacks listed in all the signature groups that are checked in the Modify or Details column.
   Note: The user-defined signature group is the last item in the signature list. See "Adding user-defined signatures" on page 196.
3. Select View Details to display the members of a signature group.
   The Signature Group Members list displays the attack ID, Rule Name, and Revision number for each group member.

Figure 34: Example signature group members list

Viewing attack descriptions

Fortinet provides online information for all NIDS attacks. To view the FortiResponse Attack Analysis web page for an attack listed on the signature list:

1. Go to NIDS > Detection > Signature List.
2. Select View Details to display the members of a signature group.
   Select a signature and copy its attack ID.
3. Open a web browser and enter this URL:
   http://www.fortinet.com/ids/ID<attack-ID>
   Remember to include the attack ID.
   For example, to view the Fortinet Attack Analysis web page for the ssh CRC32 overflow /bin/sh attack (ID 101646338), use the following URL:
   http://www.fortinet.com/ids/ID101646338

Note: Each attack log message includes a URL that links directly to the FortiResponse Attack Analysis web page for that attack. This URL is available from the Attack Log messages and Alert email messages. For information about log message content and formats, and about log locations, see the Logging Configuration and Reference Guide. To log attack messages, see "Logging attacks" on page 200.