Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 8 Defining Signatures
Creating Custom Signatures
Step 11 Configure the Regex parameters.
sensor(config-sig-sig)# engine service-http
sensor(config-sig-sig-ser)# regex
sensor(config-sig-sig-ser-reg)# specify-uri-regex yes
sensor(config-sig-sig-ser-reg-yes)# uri-regex [Mm][Yy][Ff][Oo][Oo]
Step 12 Exit Regex submode.
sensor(config-sig-sig-ser-reg-yes)# exit
sensor(config-sig-sig-ser-reg)# exit
Step 13 Configure the service ports using the signature variable WEBPORTS.
sensor(config-sig-sig-ser)# service-ports $WEBPORTS
Step 14 Exit signature definition submode.
sensor(config-sig-sig-ser)# exit
sensor(config-sig-sig)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]:
Step 15 Press Enter to apply the changes or enter no to discard them.
Example Meta Engine Signature
Caution A custom signature can affect the performance of your sensor. Test the custom signature against a
baseline sensor performance for your network to determine the overall impact of the signature.
The Meta engine differs from other engines in that it takes alerts as input, whereas most engines take packets as input.
The following options apply:
component-list name1—Specifies the list of Meta components:
  edit—Edits an existing entry in the list.
  insert—Inserts a new entry into the list.
  move—Moves an entry in the list.
  begin—Places the entry at the beginning of the active list.
  end—Places the entry at the end of the active list.
  inactive—Places the entry into the inactive list.
  before—Places the entry before the specified entry.
  after—Places the entry after the specified entry.
  component-count—Specifies the number of times the component must fire before this component is satisfied.
  component-sig-id—Specifies the signature ID of the signature to match this component on.
  component-subsig-id—Specifies the subsignature ID of the signature to match this component on.
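
The following Python model is an added example, not part of the Cisco guide and not Cisco code. It shows how a component list built from component-sig-id, component-subsig-id, and component-count consumes alerts rather than packets. It assumes the Meta signature fires once every component is satisfied and does not model timing, ordering, or address grouping; the signature IDs and alert stream are constructed.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str           # entry name in the component list (hypothetical)
    sig_id: int         # component-sig-id
    subsig_id: int = 0  # component-subsig-id
    count: int = 1      # component-count


def fire_index(components, alerts):
    """Return the index of the alert that satisfies the last outstanding
    component, or None if the component list is never fully satisfied.

    alerts is an iterable of (sig_id, subsig_id) tuples, i.e. the output
    of other signatures, which is what the Meta engine takes as input.
    """
    need = {}
    for c in components:
        key = (c.sig_id, c.subsig_id)
        # If two entries name the same signature, the larger count governs.
        need[key] = max(need.get(key, 0), c.count)
    if not need:
        return None  # an empty component list can never be satisfied
    seen = Counter()
    for i, key in enumerate(alerts):
        if key not in need:
            continue  # alert from a signature that is not a component
        seen[key] += 1
        if all(seen[k] >= n for k, n in need.items()):
            return i
    return None


# Constructed sample: two hypothetical custom signatures as components.
COMPONENTS = [
    Component("c1", sig_id=60001, subsig_id=0, count=1),
    Component("c2", sig_id=60002, subsig_id=0, count=3),
]
# Constructed alert stream; (60002, 1) has a different subsignature ID
# and therefore does not count toward component c2.
ALERTS = [(60001, 0), (60002, 0), (60002, 1), (60002, 0), (60002, 0), (60001, 0)]

if __name__ == "__main__":
    print("Meta signature fires at alert index:", fire_index(COMPONENTS, ALERTS))
```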