Filter
Top Products
B-17
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix B Signature Engines
Atomic Engine
Table B-8 lists the parameters that are specific to the Atomic IP Advanced engine.
Note The second number in the ranges must be greater than or equal to the first number.
Table B-8 Atomic IP Advanced Engine Parameters
Parameter Description Value
Global
fragment-status Specifies whether or not fragments are
wanted.
any | no-fragments |
want-fragments
specify-encapsulation {yes |
no}
(Optional) Enables any encapsulation before
the start of Layer 3 for the packet:
1
• encapsulation—Specifies the type of
encapsulation to inspect.
none | mpls | gre |
ipv4-in-ipv6 | ipip|
any
specify-ip-version {yes | no} (Optional) Enables the IP protocol version:
• version—Specifies IPv4 or IPv6.
ipv4 | ipv6
swap-attacker-victim Swaps the attacker and victim addresses and
ports (source and destination) in the alert
message and in any actions taken.
true |false (default)
Regex
specify-regex-inspection (Optional) Enables Regex inspection. yes | no
regex-scope Specifies the start and end points for the
regular expression search.
ipv6-doh-only
ipv6-doh-plus
ipv6-hoh-only
ipv6-hoh-plus
ipv6-rh-only
ipv6-rh-plus
layer3-only
layer3-plus
layer4
regex-string Specifies the regular expression to search for
in a single TCP packet.
string
specify-exact-match-offset
{yes | no}
Enables exact match offset:
• exact-match-offset—Specifies the exact
stream offset the regex-string must report
for a match to be valid.
0 to 65535
specify-min-match-length {yes
| no}
Enables minimum match length:
• min-match-length—Specifies the
minimum number of bytes the
regex-string must match.
0 to 65535