8-50
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 8 Defining Signatures
Creating Custom Signatures
meta
-----------------------------------------------
event-action: produce-alert <defaulted>
swap-attacker-victim: false <defaulted>
meta-reset-interval: 60 <defaulted>
component-list (ordered min: 1, max: 32, current: 2 - 2 active, 0 inactive)
-----------------------------------------------
ACTIVE list-contents
-----------------------------------------------
NAME: m1
-----------------------------------------------
component-sig-id: 1000
component-subsig-id: 0 default: 0
component-count: 1 default: 1
is-not-component: false <defaulted>
-----------------------------------------------
-----------------------------------------------
NAME: m2
-----------------------------------------------
component-sig-id: 1001
component-subsig-id: 0 <defaulted>
component-count: 1 <defaulted>
is-not-component: true default: false
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
meta-key
-----------------------------------------------
Axxx
-----------------------------------------------
unique-victims: 1 <defaulted>
-----------------------------------------------
-----------------------------------------------
component-list-in-order: false default: false
all-components-required: true default: true
all-nots-required: false default: false
-----------------------------------------------
sensor(config-sig-sig-met)#
Step 14 Exit signature definition submode.
sensor(config-sig-sig-met)# exit
sensor(config-sig-sig)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]:
Step 15 Press Enter to apply the changes or enter no to discard them.
For More Information
• For more information on Signature Event Action Processor, see Signature Event Action Processor,
page 7-3.
• For more information on the Meta engine, see Meta Engine, page B-33.