Signature Libraries And Event Groups - Enterasys Intrusion Prevention System Manual

Network sensor policies and signatures guide

Network Sensor Signatures
Figure 1-3 Master Signature Libraries

Signature Libraries and Event Groups

The predefined signatures shipped with Enterasys IPS are organized into Master Libraries based on the signature's function. When an event is generated as a result of a signature match, the event is named with the name of the signature. For example, if the signature AFS:OVERFLOW-TCPDUMP (from the ATTACKS Master Library) is matched, an event named AFS:OVERFLOW-TCPDUMP is generated.

In the Enterasys IPS Realtime reporting tools, generated events are organized by Event Groups, which have the same names as the Master Libraries. So for example, an AFS:OVERFLOW-TCPDUMP event will be associated with the ATTACKS Event Group. You can use Event Groups as one way to filter event reporting.

When you create your own custom signature libraries and custom signatures, the events generated when your custom signatures are matched will be named with the name of your custom signature and will be assigned to the event group specified during signature configuration.

The following sections describe the type of signatures contained in the predefined Master Libraries, and therefore, the types of events grouped under the equivalent Event Groups in the Enterasys IPS Realtime reporting tools.

1-10 Network Sensor Overview
