For Network IPS appliances, use these tuning parameters to enable the OpenSignature parser, to configure OpenSignature responses, and to enable and configure OpenSignature throttling.
Navigating in the Network IPS Local Management Interface:
Navigating in the SiteProtector™ system: select the Tuning Parameters policy
Enable the OpenSignature parser to integrate the parser into PAM. When you enable the parser, the appliance processes your OpenSignature rules from the OpenSignatures page.
Parameter | Type | Default Value | Description |
---|---|---|---|
engine.opensignature.enabled | Boolean | True | Enables the OpenSignature parser. |
Parameter | Type | Default Value | Description |
---|---|---|---|
np.opensignature.user.response | String | DISPLAY:WithoutRaw | Defines
the notification responses
for OpenSignature rules. Valid notification responses are as follows:
Example: np.opensignature.user.response=DISPLAY:WithouRaw,EMAIL:<myEmail>
|
np.opensignature.response | String | None | Defines
the protection responses for
OpenSignature rules. Valid protection responses are as follows:
Example: np.opensignature.response=block
|
np.opensignature.quarantine.rule | String | None | Defines
the quarantine parameters for
the quarantine response. This parameter is only valid if the quarantine-traffic response
is defined as part of the np.opensignature.response parameter. Valid
quarantine rule parameters are as follows:
Example:
|
Enable throttling for OpenSignatures to control how the appliance reports duplicate OpenSignature events to the Network IPS Local Management Interface and to the SiteProtector system.
Parameter | Type | Default Value | Description |
---|---|---|---|
np.opensignature.throttle.time | Number | 0 | Enables throttling for OpenSignature rules and specifies the number of seconds to suppress the reporting of duplicate OpenSignatures. |