Enterasys Intrusion Prevention System Manual page 158

Network sensor policies and signatures guide

Hide thumbs Also See for Intrusion Prevention System:

Reporting manual (122 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

page of 260

/ 260
Contents
Table of Contents
Bookmarks

Table of Contents

Creating Custom Signatures

If desired, assign a severity to the signature from the Score pull-down menu. The score can be

used by a Security Information Manager (SIM) such as the Enterasys Security Information and

Event Manager.

Select the Event Group to assign the signature from the Classification drop-down list. For

more information about Event Groups, see

For basic signatures, in the Direction group, configure:

b. Traffic direction, which refer to the direction of flow with respect to the protected

In the Signature Protocol group, specify the protocol to which the signature applies. TCP is

the default. If you select Other, enter the protocol number. Refer to

list of common protocol numbers.

3-16 Creating Network Sensor Signatures

Service direction, which refers to the signature port. Select:

any if the signature should match packets with either or both destination and source

ports that match the configured Signature Port value. any can be used to watch traffic

in both directions. (default)

source if the signature should match packets with a source port that matches the

configured Signature Port value. Typically, source is used for packets originating from

the server.

destination if the signature should match packets with a destination port that

matches the configured Signature Port value. Typically, destination is used for

packets directed to a well known port on a server.

both if the signature should match packets with both a source and destination port

that matches the configured Signature Port value.

network defined on the virtual sensor. Select:

any to apply the signature to all traffic (default).

toward to apply the signature to traffic toward the protected network.

from to apply the signature to traffic originating from the protected network.

internal to apply the signature to traffic that is entirely internal to the protected

network. That is, both source and destination are located within the protected

network.

external to apply the signature to traffic that is entirely external to the protected

network. That is, both source and destination are located outside the protected

network.

Note: Any values you configure for Direction on this tab page will be superseded by values

configured on the Extended Settings tab page.

Note: Any value you configure for Protocol on this tab page will be superseded by values

configured on the Extended Network Layer tab page.

Event Group Descriptions

on page 1-11.

Table 2-2

on page 2-11 for a

Table of Contents

Need help?

Do you have a question about the Intrusion Prevention System and is the answer not in the manual?

Enterasys Intrusion Prevention System Manual page 158

Need help?

Related Manuals for Enterasys Intrusion Prevention System

Related Products for Enterasys Intrusion Prevention System

Table of Contents