Cisco ASA 5505 Configuration Manual page 1120

Configuring IP Audit for Basic IPS Support
Add/Edit IP Audit Policy Configuration
The Configuration > Properties > IP Audit > IP Audit Policy > Add/Edit IP Audit Policy Configuration
dialog box lets you add or edit a named IP audit policy that you can assign to interfaces, and lets you
modify the default actions for each signature type.
Fields
•
•
•
IP Audit Signatures
The Configuration > Properties > IP Audit > IP Audit Signatures pane lets you disable audit signatures.
You might want to disable a signature if legitimate traffic continually matches a signature, and you are
willing to risk disabling the signature to avoid large numbers of alarms.
For a complete list of signatures, see the
Fields
•
•
•
•
Cisco ASA 5500 Series Configuration Guide using ASDM
52-6
Policy Name—Sets the IP audit policy name. You cannot edit the name after you add it.
Policy Type—Sets the policy type. You cannot edit the policy type after you add it.
– Attack—Sets the policy type as attack.
Information—Sets the policy type as informational.
–
Action—Sets one or more actions to take when a packet matches a signature. If you do not choose
an action, then the default policy is used.
– Alarm—Generates a system message showing that a packet matched a signature. For a complete
list of signatures, see
– Drop—Drops the packet.
– Reset—Drops the packet and closes the connection.
Enabled—Lists the enabled signatures.
Disabled—Lists the disabled signatures.
Disable—Moves the selected signature to the Disabled pane.
Enable—Moves the selected signature to the Enabled pane.
IP Audit Signature List.
"IP Audit Signature List" section on page
Chapter 52 Using Protection Tools
52-7.
OL-20339-01