Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 8 Defining Signatures
Creating Custom Signatures
-----------------------------------------------
sensor(config-sig-sig-str)#
Step 18 Exit signature definition submode.
sensor(config-sig-sig-str)# exit
sensor(config-sig-sig)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]:
Step 19 Press Enter to apply the changes or enter no to discard them.
For More Information
For detailed information about the String XL signature engine, see String XL Engines, page B-66.
Example String XL TCP Engine Minimum Match Length Signature
Caution: A custom signature can affect the performance of your sensor. Test the custom signature against a baseline sensor performance for your network to determine the overall impact of the signature.
Note: This procedure also applies to String XL UDP and String XL ICMP signatures, with the exception of the parameter service-ports, which does not apply to String XL ICMP signatures.
You can modify the following optional parameters to work with a specific Regex string:
• dot-all {true | false}—If set to true, matches [\x00-\xFF] including \n; if set to false, matches anything in the range [\x00-\xFF] except \n. The default is false.
• specify-min-match-length {yes | no}—Enables minimum match length:
  – min-match-length—Specifies the minimum number of bytes the regular expression string must match for the pattern to be considered a hit. The value is 0 to 65535.
• stingy {true | false}—If set to true, stops looking for larger matches after the first completed match. The default is false.
Note: Stingy can only be used with min-match-length; otherwise, it is ignored.
• utf8 {true | false}—If set to true, treats all legal UTF-8 byte sequences in the expression as a single character. The default is false.
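
The following Python sketch is an added example, not part of the Cisco guide and not the sensor's matcher. It models how the four options above change which bytes count as a hit. The function name xl_hit, the order in which candidate matches are tried, and the sample payloads are assumptions made for illustration.

```python
# Added illustration: models the String XL regex options with Python's re module.
# It is not Cisco's engine; xl_hit and its match-selection order are assumptions.
import re

def xl_hit(regex, payload, *, dot_all=False, min_match_length=None,
           stingy=False, utf8=False):
    """Return the bytes the modeled signature reports as a hit, or None."""
    flags = re.DOTALL if dot_all else 0      # dot-all true: '.' also matches \n
    if utf8:
        # utf8 true: each UTF-8 sequence in the expression is one character.
        pat = re.compile(regex, flags)
        data = payload.decode("utf-8", "surrogateescape")
        def as_bytes(text):
            return text.encode("utf-8", "surrogateescape")
    else:
        # utf8 false: the expression is raw bytes, so a quantifier after a
        # multi-byte character binds to that character's last byte only.
        pat = re.compile(regex.encode("utf-8"), flags)
        data = payload
        as_bytes = bytes
    if min_match_length is None:
        m = pat.search(data)                 # stingy is ignored in this case
        return as_bytes(m.group()) if m else None
    for start in range(len(data)):
        best = None
        for end in range(start, len(data) + 1):
            if not pat.fullmatch(data, start, end):
                continue
            hit = as_bytes(data[start:end])
            if len(hit) < min_match_length:
                continue                     # completed match, but too short
            if stingy:
                return hit                   # stop at first long-enough match
            best = hit                       # keep looking for larger matches
        if best is not None:
            return best
    return None

if __name__ == "__main__":
    # Constructed sample payloads, not captured traffic.
    run = b"xxAAAAAAAAyy"
    print(xl_hit("BEGIN.*END", b"BEGIN\nxx END", dot_all=True))
    print(xl_hit("A+", run, min_match_length=4, stingy=True))
    print(xl_hit("A+", run, min_match_length=4))
    print(xl_hit("\u00e9+", "\u00e9\u00e9\u00e9".encode("utf-8"), utf8=True))
```

The difference between the stingy and non-stingy results is the practical point when tuning: the model shows a shorter reported match with stingy set, and a pattern that never reaches min-match-length produces no hit at all.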