Configuring OpenSignature rules

Use the OpenSignatures page for the Network IPS appliance to write pattern-matching signatures that detect specific threats to the appliance.

About this task

Navigating in the Network IPS Local Management Interface: Secure Protection Settings > Advanced IPS > OpenSignatures

Navigating in the SiteProtector™ system: select the OpenSignature Events policy

Procedure

  1. Click the Add icon.
  2. Configure the following options:
    Option Description
    Enabled Enables the rule.
    Comment Specifies a unique description for the rule.
    Rule String Specifies the criteria that the appliance monitors for as it inspects traffic that could trigger the OpenSignature event.
  3. Click OK.
  4. Optional: Select the rule and click the Up arrow or the Down arrow to place the rule in the order that you want the rule processed.

What to do next

For OpenSignatures to work, you must enable the OpenSignatures parser on the Tuning Parameters page. See OpenSignature tuning parameters.