B-1
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
APPENDIX
B
Signature Engines
This appendix describes the IPS signature engines, and contains the following sections:
• Understanding Signature Engines, page B-1
• Master Engine, page B-4
• Regular Expression Syntax, page B-9
• AIC Engine, page B-10
• Atomic Engine, page B-14
• Fixed Engine, page B-30
• Flood Engine, page B-32
• Meta Engine, page B-33
• Multi String Engine, page B-36
• Normalizer Engine, page B-37
• Service Engines, page B-40
• State Engine, page B-61
• String Engines, page B-63
• String XL Engines, page B-66
• Sweep Engines, page B-69
• Traffic Anomaly Engine, page B-72
• Traffic ICMP Engine, page B-74
• Trojan Engines, page B-75
Understanding Signature Engines
A signature engine is a component of the Cisco IPS that is designed to support many signatures in a
certain category. An engine is composed of a parser and an inspector. Each engine has a set of parameters
that have allowable ranges or sets of values.
Note The Cisco IPS engines support a standardized Regex.