Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 8 Defining Signatures
Creating Custom Signatures
Step 13 Specify a minimum match length for this signature, which can only be used with stingy.
sensor(config-sig-sig-str-no)# specify-min-match-length yes
sensor(config-sig-sig-str-no-yes)# min-match-length 100
sensor(config-sig-sig-str-no-yes)# exit
sensor(config-sig-sig-str-no)# stingy true
Step 14 Verify the settings.
sensor(config-sig-sig-str-no)# show settings
no
-----------------------------------------------
regex-string: ht+p[\r\].
dot-all: true default: false
end-optional: false <defaulted>
no-case: false <defaulted>
stingy: true default: false
utf8: false <defaulted>
specify-min-match-length
-----------------------------------------------
yes
-----------------------------------------------
min-match-length: 100
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
sensor(config-sig-sig-str-no)#
Step 15 Specify a new Regex string to search for and turn on UTF-8.
sensor(config-sig-sig-str-no)# regex-string \x5c\x31\x30\x2e\x30[\x00-\xff]+\x2e\x31\x5c\x74\x65\x6d\x70
sensor(config-sig-sig-str-no)# utf8 true
Step 16 Verify the settings:
sensor(config-sig-sig-str-no)# show settings
no
-----------------------------------------------
regex-string: \x5c\x31\x30\x2e\x30[\x00-\xff]+\x2e\x31\x5c\x74\x65\x6d\x70
dot-all: true default: false
end-optional: false <defaulted>
no-case: false <defaulted>
stingy: true default: false
utf8: true default: false
specify-min-match-length
-----------------------------------------------
yes
-----------------------------------------------
min-match-length: 100
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
Step 17 Exit signature definition submode.
sensor(config-sig-sig-str-no)# exit
sensor(config-sig-sig-str)# exit
sensor(config-sig-sig)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]:
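
To check what the hex-escaped regex from Step 15 matches before loading it on a sensor, the following added example (not part of the Cisco guide) decodes it and runs it over constructed payloads with Python's `re` module. It assumes Python's byte-mode regex is a fair stand-in for the pattern and treats min-match-length as a threshold on the matched span; the sensor's stingy and utf8 handling are not modelled, and the function names are hypothetical.

```python
import re
from typing import Optional

# Regex string from Step 15, as the sensor echoes it in Step 16.
SIG_REGEX = rb"\x5c\x31\x30\x2e\x30[\x00-\xff]+\x2e\x31\x5c\x74\x65\x6d\x70"
MIN_MATCH_LENGTH = 100  # min-match-length configured in Step 13

# re.DOTALL mirrors "dot-all: true"; it has no effect on this pattern,
# which contains no unescaped dot.
_PATTERN = re.compile(SIG_REGEX, re.DOTALL)


def readable(regex: bytes) -> str:
    """Show printable-ASCII \\xHH escapes as the characters they stand for."""
    def decode(m):
        value = int(m.group(1), 16)
        return chr(value) if 0x20 <= value < 0x7F else m.group(0)
    return re.sub(r"\\x([0-9a-fA-F]{2})", decode, regex.decode("ascii"))


def match_length(payload: bytes) -> Optional[int]:
    """Length in bytes of the longest match at the first matching offset."""
    m = _PATTERN.search(payload)
    return None if m is None else m.end() - m.start()


def fires(payload: bytes) -> bool:
    """Approximation (assumption): alert only if the match spans
    at least MIN_MATCH_LENGTH bytes."""
    length = match_length(payload)
    return length is not None and length >= MIN_MATCH_LENGTH


# Constructed sample payloads, not captured traffic.
SAMPLES = {
    "short path": b"\\10.0.5.1\\temp",
    "long path": b"\\10.0" + b"A" * 120 + b".1\\temp",
    "unrelated": b"GET /index.html HTTP/1.1\r\n",
}

if __name__ == "__main__":
    print("literal view:", readable(SIG_REGEX))
    for name, data in SAMPLES.items():
        print(f"{name:10} length={match_length(data)} fires={fires(data)}")
```

The short path matches the regex but spans only 14 bytes, so the length threshold suppresses it; only the padded path clears 100 bytes.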