The Network IPS appliance supports OpenSignatures,
which
are customized, pattern-matching signatures written with a flexible
rules language.
About this task
In
order for OpenSignatures to work, you must enable the
OpenSignature parser. For information about how to enable the OpenSignature
parser and other OpenSignature tuning parameters, see OpenSignature tuning parameters.
Attention: IBM® Support is not available to help write or
troubleshoot custom rules. If you need assistance with creating custom
signatures, contact IBM Professional
Services.
These
rules detect specific threats that are not preemptively covered in
Network IPS products. This feature is integrated with the IBM Protocol Analysis Module (PAM)
as a rule interpreter.
Important: OpenSignatures require the content keyword
to function properly. If the OpenSignature rule is improperly formatted,
you might receive a PAM configuration error response.