Configuring shared tuning

Use the Shared Tuning tab on the Web Application Protection page for the Network IPS appliance to list tuning parameters that the appliance ignores as protection against the following signatures: Client-Side attacks, Injection attacks, Malicious File Execution, and Cross-Site Request Forgery.

About this task

Navigating in the Network IPS Local Management Interface: Secure Protection Settings > Security Modules > Web Application Protection

Navigating in the SiteProtector™ system: select the Web Application Protection policy

Use this page to reduce unwanted security alerts about valid web application requests. Enter the keyword or parameter name from the web application request. If the appliance detects the parameter name, it ignores it and does not create a security alert.

The parameter names that you enter on this page depend upon the network environment. Some common parameter names are foo, id, and arg. If you want to analyze common parameter names that are found on your network, see Review Analysis and Diagnostics > Logs > Security Alerts. Within the alert details of the detected web application security attacks, find the parameter name that is indicated by field:<keyword>.

Important: You cannot assign these signatures to a custom protection domain. They are automatically assigned to the global protection domain. In turn, the SiteProtector system heartbeats the WAP policy with the global shared tuning parameters to all the Network IPS appliances it manages.

Procedure

  1. Click the appropriate tab of the protection category that you want to tune.
    Important: Before you modify settings in Injection Attacks Tuning, contact IBM® Support for assistance. See General support.
  2. Click the Add icon.
  3. In the Add window, type the appropriate parameter name.
  4. Click OK.
  5. In the SiteProtector system only: Import parameters from AppScan® if available.
    Remember: Like all parameters on the Shared Tuning tab, the appliance assigns parameters that are imported from AppScan to the global protection domain. The SiteProtector system heartbeats the WAP policy with the new global AppScan parameters to all the Network IPS appliances that it manages.