Table of Contents
Advertisement
Creating Custom Signature Libraries
3.
Select Filter Signatures, then click the Filter Settings button. The Signature Filter Dialog
window is displayed.
4.
Signature Name Contains: If you want to filter based on signature name, enter any text
characters contained in the signature name. For example, if you wanted to display all the
signatures in the APPS Master Library that look for Chat traffic, you could enter WHOIS in
this field. This filter would limit the display to only three signatures with WHOIS in their
names.
5.
Signature Description Contains: Similarly, if you want to filter based on the signature
description, enter any text characters contained in the signature description.
6.
Signature OS: If you want to filter based on operating system, select the operating system to
which the signature applies from the drop-down menu. Choices are UNIX, Solaris, Windows,
Novell, Embedded, Any, or All Operating Systems. The default is All Operating Systems.
7.
Score: Select a score if you want to filter by the signature severity score used by a Security
Information Manager (SIM). Options include Low, Medium, High and Critical.
8.
Event Group Contains: If the library contains signatures from multiple Master Libraries, you
can filter on text in the Event Group name (which is synonymous with Master Library name).
3-10 Creating Network Sensor Signatures
Advertisement
Table of Contents
Need help?
Do you have a question about the Intrusion Prevention System and is the answer not in the manual?