Viewing The Signature List; Viewing Attack Descriptions - Fortinet FortiGate 50A Installation And Configuration Manual

Network Intrusion Detection System (NIDS)

Viewing the signature list

Viewing attack descriptions

FortiGate-50A Installation and Configuration Guide
You can display the current list of NIDS signature groups and the members of a
signature group.
To view the signature list
1 Go to NIDS > Detection > Signature List.
2 View the names and action status of the signature groups in the list.
The NIDS detects attacks listed in all the signature groups that have check marks in
the Enable column.
Note: The user-defined signature group is the last item in the signature list. See
defined signatures" on page
3 Select View Details
The Signature Group Members list displays the attack ID, Rule Name, and Revision
number for each group member.
Fortinet provides online information for all NIDS attacks. You can view the
FortiResponse Attack Analysis web page for an attack listed on the signature list.
To view attack descriptions
1 Go to NIDS > Detection > Signature List.
2 Select View Details
3 Select a signature and copy its attack ID.
4 Open a web browser and enter the following URL:
http://www.fortinet.com/ids/ID<attack-ID>
Make sure that you include the attack ID.
For example, to view the Fortinet Attack Analysis web page for the ssh CRC32
overflow /bin/sh attack (ID 101646338), use the following URL:
http://www.fortinet.com/ids/ID101646338
Note: Each attack log message includes a URL that links directly to the FortiResponse Attack
Analysis web page for that attack. This URL is available in the Attack Log messages and Alert
email messages. For information about log message content and formats, and about log
locations, see the FortiGate Logging and Message Reference Guide. For information about
logging attack messages, see
218.
.to display the members of a signature group.
.to display the members of a signature group.
"Logging attacks" on page
Detecting attacks
"Adding user-
222.
217