To edit a signature, click the Con?¬?gure button at the top of
the SDM home page, click the Intrusion Prevention icon in the Tasks toolbar, and click
the Edit IPS tab of the IPS window, as shown in Figure 6-33. Click the Signatures dropdown
arrow to open the directory tree of signatures.
172 Tuning Signatures Through SDM
Figure 6-33 Edit IPS
Select the signature you want to edit and then click the Edit button on the top of the tab.
The Edit Signature dialog box appears, as shown in Figure 6-34. Default parameters are
indicated with a green box. Altering parameter change the indicator icon to a red diamond.
In this example, the AlarmSeverity parameter was changed from the default of Medium to
a custom setting of High.
Tuning Signatures Through SDM 173
Figure 6-34 Editing a Signature
You can also disable a signature group from this spot in SDM. In Figure 6-35, all UNIXrelated
signatures are disabled. To accomplish this, click the category named OS and then
select the UNIX subcategory. Click the Select All button at the top of the tab, and then click
the Disable button to disable all UNIX-related signatures. Note that all green arrows have
been changed to red circles. A yellow octagon appears in the next column to provide a
visual clue that this is a custom setting.
Pages:
122
123
124
125
126
127
128
129
130
131
132
133
134
135