Query Example - ZyXEL Communications ZyWALL 1100 User Manual

Zywall/usg series

ZyWALL/USG Series User's Guide, page 459
Chapter 28 IDP

Table 185 Configuration > UTM Profile > IDP > Profile: Query View (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Query Signatures | Select the criteria on which to perform the search. |
| Search all custom signatures | Select this check box to include signatures you created or imported in the Custom Signatures screen in the search. You can search for specific signatures by name or ID. If the name and ID fields are left blank, then all signatures are searched according to the criteria you select. |
| Name | Type the name or part of the name of the signature(s) you want to find. |
| Signature ID | Type the ID or part of the ID of the signature(s) you want to find. |
| Severity | Search for signatures by severity level(s). Hold down the [Ctrl] key if you want to make multiple selections. These are the severities as defined in the ZyWALL/USG. The number in brackets is the number you use if using commands. Severe (5): These denote attacks that try to run arbitrary code or gain system privileges. High (4): These denote known serious vulnerabilities or attacks that are probably not false alarms. Medium (3): These denote medium threats, access control attacks or attacks that could be false alarms. Low (2): These denote mild threats or attacks that could be false alarms. Very-Low (1): These denote possible attacks caused by traffic such as Ping, trace route, ICMP queries etc. |
| Attack Type | Search for signatures by attack type(s) (see Table 183 on page 456). Attack types are known as policy types in the group view screen. Hold down the [Ctrl] key if you want to make multiple selections. |
| Platform | Search for signatures created to prevent intrusions targeting specific operating system(s). Hold down the [Ctrl] key if you want to make multiple selections. |
| Service | Search for signatures by IDP service group(s). See Table 183 on page 456 for group details. Hold down the [Ctrl] key if you want to make multiple selections. |
| Action | Search for signatures by the response the ZyWALL/USG takes when a packet matches a signature. See Table 182 on page 452 for action details. Hold down the [Ctrl] key if you want to make multiple selections. |
| Activation | Search for activated and/or inactivated signatures here. |
| Log | Search for signatures by log option here. See Table 182 on page 452 for option details. |
| Search | Click this button to begin the search. The results display at the bottom of the screen. Results may be spread over several pages depending on how broad the search criteria selected were. The tighter the criteria selected, the fewer the signatures returned. |
| Query Result | The results are displayed in a table showing the SID, Name, Severity, Attack Type, Platform, Service, Activation, Log, and Action criteria as selected in the search. Click the SID column header to sort search results by signature ID. |
| OK | Click OK to save your settings to the ZyWALL/USG, complete the profile and return to the profile summary page. |
| Cancel | Click Cancel to return to the profile summary page without saving any changes. |
| Save | Click Save to save the configuration to the ZyWALL/USG, but remain in the same page. You may then go to another profile screen (tab) in order to complete the profile. Click OK in the final profile screen to complete the profile. |

28.2.5 Query Example

This example shows a search with these criteria:
