180 Detecting
Configuring signature detection
About user-defined signatures
Managing signatures
Symantec Network Security uses signatures as a compliment to PAD. The
combination provides robust detection without the weaknesses of either PAD
alone or signatures alone. Symantec Network Security's high performance is
maintained by matching against the smallest set of signatures as is possible
given the current context. Since many threats are detected and refined through
the PAD functionality, Symantec Network Security minimizes the set of
required signatures to maximize performance.
Symantec Network Security also uses methods of rapid response in creating
signatures that detect attempts to exploit new vulnerabilities as soon as they hit
the network, independent of the exploit tool. This results in earlier prevention
of threats and more complete coverage.
The Network Security console provides a way to configure and enable additional
user-defined signatures on a per-sensor basis, as well as global signature
variables, such as creating the variable name
User-defined signatures are synchronized across clusters so that each node has
the title, severity, and definition of the user-defined signature. SuperUsers can
create, define, edit, and delete user-defined signatures. All users can view them.
Note: SuperUsers and Administrators can view and create user-defined
signatures; StandardUsers and RestrictedUsers can view only. See
reference"
on page 319 for more about permissions.
The Network Security console provides a way to configure and enable your own
user-defined signatures on a per-sensor basis. You can also define variables,
such as creating the variable name
This section includes the following topics:
Viewing signatures
■
Adding or editing user-defined signatures
■
Deleting user-defined signatures
■
Adding new signature variables
■
Importing user-defined signatures
■
Resolving signature compile errors
■
Managing signature variables
■
to stand for a value of 2600.
port
to stand for a value of 2600.
port
"User groups