Creating Custom Signatures; Custom Signature Fields - Fortinet Network Device IPS User Manual

Custom signatures

Creating custom signatures

Custom signature fields

FortiGate IPS User Guide Version 3.0 MR7
01-30007-0080-20080916
Custom signatures are added separately to each VDOM. In each VDOM, there
can be a maximum of 255 custom signatures.
A custom signature definition is limited to a maximum length of 512 characters. A
definition can be a single line or span multiple lines connected by a backslash (\)
at the end of each line.
A custom signature definition begins with a header, followed by a set of
keyword/value pairs enclosed by parenthesis [( )]. The keyword and value pairs
are separated by a semi colon (;) and consist of a keyword and a value separated
by a space. The basic format of a definition is HEADER (KEYWORD VALUE;)
You can use as many keyword/value pairs as required within the 512 character
limit.
Table 1shows the valid characters for custom signature fields.
Table 1: Valid characters for custom signature fields
Field Valid Characters
HEADER F-SBID
KEYWORD Each keyword must start with
"--", and be a string of 1 to 19
characters.
Normally, keywords are an
English word or English
words connected by "_".
Keywords are case
insensitive.
VALUE Double quotes must be used
around the value if it contains
a space and/or a semicolon.
If the value is NULL, the
space between the
KEYWORD and VALUE can
be omitted.
Values are case sensitive.
Note: if double quotes are
used for quoting the value,
the double quotes are not
considered as part of the
value string.
Creating custom signatures
Usage
The header for an attack definition
signature. Each custom signature must
begin with this header.
The keyword is used to identify a
parameter. See "Custom signature
syntax" on page 24 for tables of
supported keywords.
Set the value for a parameter identified
by a keyword.
23