Filter
Top Products
Contents
vii
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Understanding Policies
7-1
Working With Signature Definition Policies
7-2
Understanding Signatures
7-3
Configuring Signature Variables
7-4
Understanding Signature Variables
7-4
Creating Signature Variables
7-4
Configuring Signatures
7-6
Signature Definition Options
7-6
Configuring Alert Frequency
7-7
Configuring Alert Severity
7-9
Configuring the Event Counter
7-10
Configuring Signature Fidelity Rating
7-12
Configuring the Status of Signatures
7-13
Configuring the Vulnerable OSes for a Signature
7-14
Assigning Actions to Signatures
7-15
Configuring AIC Signatures
7-17
Understanding the AIC Engine
7-17
AIC Engine and Sensor Performance
7-18
Configuring the Application Policy
7-18
AIC Request Method Signatures
7-20
AIC MIME Define Content Type Signatures
7-21
AIC Transfer Encoding Signatures
7-24
AIC FTP Commands Signatures
7-25
Creating an AIC Signature
7-26
Configuring IP Fragment Reassembly
7-28
Understanding IP Fragment Reassembly
7-28
IP Fragment Reassembly Signatures and Configurable Parameters
7-28
Configuring IP Fragment Reassembly Parameters
7-30
Configuring the Method for IP Fragment Reassembly
7-30
Configuring TCP Stream Reassembly
7-31
Understanding TCP Stream Reassembly
7-31
TCP Stream Reassembly Signatures and Configurable Parameters
7-32
Configuring TCP Stream Reassembly Signatures
7-36
Configuring the Mode for TCP Stream Reassembly
7-37
Configuring IP Logging
7-39
Creating Custom Signatures
7-40
Sequence for Creating a Custom Signature
7-40
Example String TCP Engine Signature
7-41
Example Service HTTP Engine Signature
7-44